Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond

Microsoft is now publishing standard attestations about third-party CVEs through the Vulnerability Exploitability eXchange VEX standard including vulnerabilities in embedded open-source software in Microsoft products and services and starting with the Azure Linux Distribution formerly CBL-Mariner...