
3 posts tagged with "dependencies"


· 4 min read
Alex Vanderpot

What is VEX?

As we highlighted in our post on False Positives in Vulnerability Scanning,[1] the output of vulnerability assessment tools like npm audit can be cumbersome because it lacks context. VEX (Vulnerability EXchange) is a new standard developed by the NTIA to exchange information about which vulnerabilities are actually exploitable in a product.