I attended a meeting in Washington this past week and it's very clear that people are confused over VEX.
Today, I read an article that confirms this confusion over VEX, so I wrote a small piece that clarifies the distinction between CSAF VEX and a CSAF "Security Advisory". People are confusing VEX with Security Advisories. The description of VEX as a "Negative Security Advisory" comes directly from the author of VEX, Thomas Schmidt, as shown in the video clip linked in the article (link below).

https://energycentral.com/c/iu/cybersecurity-risks-us-critical-infrastructure-sector-call-better-skills

Please help people understand the distinction. I'm concerned this situation will negatively impact SBOM adoption.

Thanks,

Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council - A Public-Private Partnership
<https://reliableenergyanalytics.com/products>
Never trust software, always verify and report!
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788
