In late January, the VEX working group hosted by CISA (Cybersecurity and Infrastructure Security Agency) voted to publish the “Minimum Elements for VEX” document. The document defines the fields, flags and structure necessary to express valid VEX (Vulnerability Exploitability eXchange) statements.
Read full article on The New Stack