NTIA software supply chain initiative exploring how to address most critical vulnerabilities

Two working groups in a software transparency effort convened by the Commerce Department are doing research on how to identify and address the top-priority vulnerabilities throughout a software supply chain.

The project is called Vulnerability Exploitability eXchange (VEX) and the groups are exploring how to map out a vulnerability up and down supply chain tiers and to determine what is most important. The framing working group in the National Telecommunications Information Administration’s Software Bill of Materials initiative is leading the...