BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.securitybsides.org.uk//bsides-london-2024//talk//EWZ
 VMW
BEGIN:VTIMEZONE
TZID:GMT
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:GMT
TZOFFSETFROM:+0100
TZOFFSETTO:+0000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:BST
TZOFFSETFROM:+0000
TZOFFSETTO:+0100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-london-2024-EWZVMW@cfp.securitybsides.org.uk
DTSTART;TZID=GMT:20241214T154000
DTEND;TZID=GMT:20241214T155500
DESCRIPTION:For application security engineers\, managing CVEs has become a
 n overwhelming task due to the rising number of CVEs\, inaccurate vulnerab
 ility scanners\, and user demands for zero CVEs in dependencies. My talk a
 ims to demonstrate how VEX documents can eliminate the time-consuming spre
 adsheet back-and-forths by programmatically expressing vulnerability appli
 cability information. By showcasing a workflow and tools introduced for Ci
 lium\, I will illustrate how VEX documents enable automatic exclusion of n
 on-applicable CVEs from scanners\, distribute triage workload to knowledge
 able teams\, and generate documentation on vulnerability applicability. Re
 al examples from Isovalent's use of VEX documents in our security workflow
  will support these points. I hope attendees will leave convinced of the b
 enefits of generating and using VEX documentation to focus more on address
 ing real vulnerabilities.
DTSTAMP:20260609T052256Z
LOCATION:Rookie track 1
SUMMARY:VEXatious vulnerabilities: CVE management for the overwhelmed secur
 ity engineer - Feroz Salam
URL:https://cfp.securitybsides.org.uk/bsides-london-2024/talk/EWZVMW/
END:VEVENT
END:VCALENDAR