Tag
csaf
Safeguard articles tagged "csaf" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Concepts
What is a Vulnerability Exploitability eXchange (VEX) Statement
A VEX statement is a machine-readable assertion of whether a product is actually affected by a CVE — the document that stops your customers from triaging your SBOM for you.
Aug 22, 20256 min read
SBOM
VEX Documents: The Missing Context That Makes SBOMs Actio...
SBOMs list every component but stay silent on whether a CVE is actually exploitable. VEX documents supply that missing context — here's how the standard works.
Jul 29, 20257 min read
SBOM & Compliance
How to Build a VEX Document for Your Consumers
A hands-on tutorial for producing a CSAF-VEX document that tells your customers which CVEs actually affect your product and which do not.
Jul 22, 20246 min read
DevSecOps
VEX Explained: How Vulnerability Exploitability Exchange Cuts Through Alert Noise
VEX documents let software producers tell consumers which vulnerabilities actually affect their products. Here's how VEX works and why it matters.
Jul 20, 20227 min read