Tag
openvex
Safeguard articles tagged "openvex" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Concepts
What Is VEX (Vulnerability Exploitability eXchange)?
VEX is a machine-readable advisory that states whether a product is actually affected by a known vulnerability. Here's how its status values work and why it cuts SBOM-driven false positives.
Jul 2, 20266 min read
SBOM
OpenVEX vs. CycloneDX VEX: Which to Pick
A direct comparison of OpenVEX and CycloneDX VEX in 2026, covering spec differences, tooling support, and the operational tradeoffs that actually affect your choice.
Feb 11, 20266 min read
Concepts
What is a Vulnerability Exploitability eXchange (VEX) Statement
A VEX statement is a machine-readable assertion of whether a product is actually affected by a CVE — the document that stops your customers from triaging your SBOM for you.
Aug 22, 20256 min read