Overview
Learn how to use Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) documents to determine whether vulnerabilities reported in third-party code components are actually exploitable in a given product. Explore why Software Composition Analysis (SCA) tools generate overwhelming volumes of vulnerability findings, most of which are not reachable in practice, and why internal developer context about how a third-party package is used (which APIs are called, which code paths are reachable, what mitigations exist) is essential for an accurate assessment. Understand the compliance requirements stemming from Executive Order 14028, "Improving the Nation's Cybersecurity," which drives SBOM and VEX production for vendors of critical software and for federal agencies. Examine how these documents serve beyond mere compliance as resources for exploitability analysis: a VEX statement records, per vulnerability and per product, whether the product is affected, not affected (with a justification), fixed, or under investigation. Discover automated approaches to SBOM and VEX generation that achieve scalable compliance while reducing false positives in vulnerability assessments. Gain insight into practical implementation strategies that improve customer trust through more accurate vulnerability reporting and strengthen supply chain security posture in both government and commercial environments.
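The workflow the session describes, as an added example that is not code from the Black Hat session or any vendor tool: derive VEX statements from the developer's own usage context for a component, merge them with statements a supplier has published, and then filter the raw SCA findings through the result. The document layout follows OpenVEX (statements carrying a status and, for not_affected, a justification); the CVE IDs, package URLs, API names and usage records below are constructed placeholders, not real advisories.

```python
"""Decide which SCA findings are exploitable using VEX plus developer context.

Added example, not the session's or any product's code. Statement layout
follows OpenVEX; all identifiers and sample data are constructed.
"""

# Justifications OpenVEX allows on a "not_affected" statement.
NOT_AFFECTED_JUSTIFICATIONS = {
    "component_not_present",
    "vulnerable_code_not_present",
    "vulnerable_code_not_in_execute_path",
    "vulnerable_code_cannot_be_controlled_by_adversary",
    "inline_mitigations_already_exist",
}

# Constructed SCA output: one finding per (vulnerability, component purl).
SCA_FINDINGS = [
    {"id": "CVE-0000-0001", "purl": "pkg:npm/example-parser@1.4.0"},
    {"id": "CVE-0000-0002", "purl": "pkg:npm/example-parser@1.4.0"},
    {"id": "CVE-0000-0003", "purl": "pkg:maven/org.example/example-http@2.0.1"},
    {"id": "CVE-0000-0004", "purl": "pkg:pypi/example-crypto@0.9.2"},
]

# Constructed developer context: the exported APIs of each component that the
# product actually calls, as recorded by the team owning the integration.
USAGE_CONTEXT = {
    "pkg:npm/example-parser@1.4.0": {"parseJson"},
    "pkg:maven/org.example/example-http@2.0.1": {"get", "post"},
}

# Constructed advisory detail: which API each CVE lives in (normally taken
# from the advisory or from the vendor's own analysis).
VULNERABLE_API = {
    "CVE-0000-0001": "parseXml",   # never called by the product
    "CVE-0000-0002": "parseJson",  # called on every request
}

# Constructed supplier-published statements for components we have no
# usage context for. The second one is deliberately unjustified.
SUPPLIER_VEX = {
    "@context": "https://openvex.dev/ns/v0.2.0",
    "statements": [
        {"vulnerability": {"name": "CVE-0000-0003"},
         "products": [{"@id": "pkg:maven/org.example/example-http@2.0.1"}],
         "status": "under_investigation"},
        {"vulnerability": {"name": "CVE-0000-0004"},
         "products": [{"@id": "pkg:pypi/example-crypto@0.9.2"}],
         "status": "not_affected"},  # no justification, no impact_statement
    ],
}


def statement_from_usage(vuln_id, purl):
    """Build one VEX statement from developer usage context, or None when
    there is no context; we never emit a not_affected claim we cannot back."""
    api = VULNERABLE_API.get(vuln_id)
    used = USAGE_CONTEXT.get(purl)
    if api is None or used is None:
        return None
    stmt = {"vulnerability": {"name": vuln_id}, "products": [{"@id": purl}]}
    if api in used:
        stmt["status"] = "affected"
    else:
        stmt["status"] = "not_affected"
        stmt["justification"] = "vulnerable_code_not_in_execute_path"
    return stmt


def build_vex(findings, supplier_doc):
    """Merge generated statements with supplier statements into one document.
    Our own context wins when both cover the same (vulnerability, purl)."""
    statements = list(supplier_doc["statements"])
    for f in findings:
        stmt = statement_from_usage(f["id"], f["purl"])
        if stmt is not None:
            statements.append(stmt)
    return {"@context": supplier_doc["@context"], "statements": statements}


def index_vex(doc):
    """Map (vulnerability, product id) -> statement; later statements override."""
    idx = {}
    for stmt in doc["statements"]:
        for product in stmt["products"]:
            idx[(stmt["vulnerability"]["name"], product["@id"])] = stmt
    return idx


def triage(findings, vex_doc):
    """Split SCA findings into actionable / suppressed / needs_investigation."""
    idx = index_vex(vex_doc)
    out = {"actionable": [], "suppressed": [], "needs_investigation": []}
    for f in findings:
        stmt = idx.get((f["id"], f["purl"]))
        status = stmt["status"] if stmt else None
        if status == "fixed":
            out["suppressed"].append(f["id"])
        elif status == "not_affected" and (
            stmt.get("justification") in NOT_AFFECTED_JUSTIFICATIONS
            or stmt.get("impact_statement")):
            out["suppressed"].append(f["id"])
        elif status == "under_investigation":
            out["needs_investigation"].append(f["id"])
        else:
            # Unknown, "affected", or an unjustified not_affected: keep it.
            out["actionable"].append(f["id"])
    return out


if __name__ == "__main__":
    print(triage(SCA_FINDINGS, build_vex(SCA_FINDINGS, SUPPLIER_VEX)))
```

The two checks that matter for trust are the ones that refuse to suppress a finding: a missing statement leaves the finding actionable rather than silently dropping it, and a not_affected claim without an OpenVEX justification or impact statement is treated as unsupported. Real SCA output and VEX documents carry more fields (timestamps, versions, subcomponents), but the decision logic stays the same.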
Syllabus
Determining Exploitability of Vulnerabilities with SBOM and VEX
Taught by
Black Hat