CRA-Ready - Integrating VEX into Open Source Workflows

Eclipse Foundation via YouTube

Overview

Learn how to integrate VEX (Vulnerability Exploitability eXchange) into Open Source workflows to meet compliance requirements and improve security practices in this conference talk from FOSDEM 2026. Discover the real-world challenges of implementing VEX in active OSS projects, including determining vulnerability reachability, assessing exploitability in specific code paths, and maintaining accuracy across frequent releases and dependency updates. Explore practical solutions through lessons learned from implementing automated VEX generation in Apache Solr, replacing manual processes with streamlined tooling. Understand the friction points OSS maintainers encounter when adopting VEX, learn strategies for integrating VEX generation into CI/CD pipelines, and examine the design and implementation of the VEX Generation ToolSet. Gain insights into balancing automation with project-specific security review processes while discovering the benefits and limitations of introducing VEX at scale. Master the operational aspects of VEX implementation that go far beyond simple SBOM generation, and understand how proper tooling can reduce maintainer burden while improving compliance quality and accuracy for downstream users.

Syllabus

CRA-ready: Integrating VEX into Open Source Workflows | Piotr Karwasz & Munawar Hafiz

Taught by

Eclipse Foundation
