The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2024 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in Pacific Daylight Time (PDT), UTC -7.
Notorious events such as the xz backdoor often lead to a surge in user inquiries, with repetitive questions becoming a common occurrence. What's more, when a vulnerability doesn't affect your software, scanners may generate false positives. It's a recurring challenge for any application security team. Enter VEX, the Vulnerability Exploitability eXchange, a complementary format to SBOM that allows developers to communicate the impact of vulnerabilities on their software. VEX also provides insights into the triage status and facilitates automation to address false positives in security scanners. In this presentation, we'll delve into how the Kubernetes RelEng Team, in collaboration with TAG Security, bootstrapped OpenVEX feeds throughout the CNCF ecosystem. Using these initiatives as a roadmap, we'll show how to effortlessly build a new feed, showcase the automation of VEX data, and illustrate, through hands-on demos, how consumers and security tools can leverage it effectively.
Adolfo García Veytia (@puerco) is a software engineer with Stacklok. He is one of the Kubernetes SIG Release Technical Leads, active on the Release Engineering team. He specializes in improvements to automation behind the Kubernetes release process. He is also the creator of OpenVEX...
Thursday June 27, 2024 10:05am - 10:20am PDT
Ballroom 2-3