Announcing OSV's Service Level Objectives
Posted by OSV Team on Mar 27, 2023

We are excited to announce that OSV has published our new service level objectives (SLOs).

Read more...

Automating and Scaling Vex Generation
Posted by Brandon Lum, Oliver Chang, and Meder Kydyraliev on Mar 5, 2023

If you’ve recently been in the space of vulnerability management and the discussions around the White House Executive Order on Improving the Nation’s Cybersecurity (EO), you’re probably familiar with concepts such as Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX).

A VEX document/statement—a form of a security advisory that indicates whether a product or products are affected by a known vulnerability or vulnerabilities—provides a great starting point in prioritizing vulnerability response and automating risk evaluation of software, especially for software consumers. There has already been a lot of coverage on consuming and using VEX for vulnerability management. However, there has not been much conversation around the generation of VEX documents. For producers, the process of creating a VEX statement today is largely a manual and cost-intensive process.

Read more...

Renovate adds OSV database check
Posted by OSV Team on Feb 27, 2023

We are pleased to announce that Renovate has incorporated an OSV database check as an experimental feature.

Read more...

Welcome to the OSV blog
Posted by OSV Team on Nov 28, 2022

We’re excited to launch our own OSV blog, where we’ll be posting project news and technical blog posts related to vulnerability management.

Read more...