github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-1/README.md

github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-1/README.md (about)

     1  # CISA VEX Use Case 1
     2  
     3  ### Single Product, Single Version, Single Vulnerability, Single Status
     4  
     5  This use case is the equivalent to a simple security advisory with only one vulnerability. The company makes statements about each version of its product in a different VEX file. For a given version of a given product, a particular vulnerability can only have a single status.
     6  
     7  Example Company was informed about the security vulnerability Log4j with its associated CVE-2021-44228. The 4 potential VEX statuses are introduced with an example of each: