Glossary
Key terms used in the HeroDevs Security documentation.
| Term | Definition |
|---|---|
| CVE | Common Vulnerabilities and Exposures. A unique identifier (e.g., CVE-2025-12345) assigned to a publicly disclosed security vulnerability. Maintained by the CVE Program. |
| CycloneDX | An open standard for software bill of materials (SBOM) in JSON or XML format. The sample SBOMs on this site use CycloneDX JSON. See the CycloneDX specification. |
| OpenVEX | An implementation of the VEX standard designed specifically for machine-readable vulnerability status documents. HeroDevs publishes its VEX feed in OpenVEX format. See the OpenVEX specification. |
| SBOM | Software Bill of Materials. A machine-readable inventory of every component (library, framework, tool) included in a software build. Scanners use SBOMs to check each component against known vulnerabilities. |
| VEX | Vulnerability Exploitability eXchange. A CISA-recognized standard for declaring whether a known vulnerability actually affects a specific product version. VEX documents tell scanners which findings to suppress because the vulnerability is already fixed or does not apply. |
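How the three formats above fit together in practice, as an added example that is not HeroDevs' code, SBOM or VEX feed: a short Python script loads a CycloneDX JSON SBOM, indexes an OpenVEX document by (product, vulnerability), and splits a scanner's findings into those the VEX statements let it suppress (`not_affected` or `fixed`) and those that must still be reported. The SBOM, the OpenVEX document, the package URLs and the `CVE-0000-0000N` identifiers are all constructed placeholders for the illustration; only findings for components actually present in the SBOM are matched against the VEX, so a statement about a version you do not ship can never hide a real finding.

```python
"""Apply an OpenVEX document to scanner findings for a CycloneDX SBOM.

Constructed example: the SBOM, VEX document, purls and CVE ids below are
placeholders, not real advisories or HeroDevs data.
"""
import json

# Constructed CycloneDX JSON SBOM listing two components by package URL.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-lib", "version": "1.2.3",
     "purl": "pkg:npm/example-lib@1.2.3"},
    {"type": "library", "name": "other-lib", "version": "4.0.0",
     "purl": "pkg:npm/other-lib@4.0.0"}
  ]
}
"""

# Constructed OpenVEX document. Each statement binds one vulnerability to
# one or more products (identified by purl) and a status.
VEX_JSON = """
{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://example.invalid/vex/constructed-example",
  "author": "example vendor (placeholder)",
  "timestamp": "2025-01-01T00:00:00Z",
  "version": 1,
  "statements": [
    {"vulnerability": {"name": "CVE-0000-00001"},
     "products": [{"@id": "pkg:npm/example-lib@1.2.3"}],
     "status": "not_affected",
     "justification": "vulnerable_code_not_present"},
    {"vulnerability": {"name": "CVE-0000-00002"},
     "products": [{"@id": "pkg:npm/example-lib@1.2.3"}],
     "status": "fixed"},
    {"vulnerability": {"name": "CVE-0000-00003"},
     "products": [{"@id": "pkg:npm/other-lib@4.0.0"}],
     "status": "affected"}
  ]
}
"""

# Constructed scanner output: (purl, CVE id) pairs the scanner flagged.
FINDINGS = [
    ("pkg:npm/example-lib@1.2.3", "CVE-0000-00001"),
    ("pkg:npm/example-lib@1.2.3", "CVE-0000-00002"),
    ("pkg:npm/other-lib@4.0.0", "CVE-0000-00003"),
    ("pkg:npm/other-lib@4.0.0", "CVE-0000-00004"),   # no VEX statement
    ("pkg:npm/unlisted@0.1.0", "CVE-0000-00005"),    # not in the SBOM
]

# Only these OpenVEX statuses justify hiding a finding from the report.
SUPPRESSIBLE = {"not_affected", "fixed"}


def sbom_purls(sbom):
    """Set of package URLs for every component in the CycloneDX SBOM."""
    return {c["purl"] for c in sbom.get("components", []) if "purl" in c}


def index_vex(vex):
    """Map (purl, vulnerability name) -> status for every OpenVEX statement."""
    table = {}
    for stmt in vex["statements"]:
        vuln = stmt["vulnerability"]["name"]
        for product in stmt["products"]:
            table[(product["@id"], vuln)] = stmt["status"]
    return table


def triage(findings, sbom, vex):
    """Split findings into suppressible ones and ones that must be reported.

    Returns {"suppress": [(purl, cve, status)], "report": [(purl, cve, reason)]}.
    """
    present = sbom_purls(sbom)
    statuses = index_vex(vex)
    result = {"suppress": [], "report": []}
    for purl, cve in findings:
        if purl not in present:
            # The VEX only speaks for components we actually ship.
            result["report"].append((purl, cve, "component not in SBOM"))
            continue
        status = statuses.get((purl, cve))
        if status in SUPPRESSIBLE:
            result["suppress"].append((purl, cve, status))
        elif status is None:
            result["report"].append((purl, cve, "no VEX statement"))
        else:
            # "affected" or "under_investigation": keep it visible.
            result["report"].append((purl, cve, status))
    return result


def run_example():
    """Run the triage over the constructed inputs."""
    return triage(FINDINGS, json.loads(SBOM_JSON), json.loads(VEX_JSON))


if __name__ == "__main__":
    print(json.dumps(run_example(), indent=2))
```

The `report` list keeps the reason alongside each finding so a reviewer can tell a genuinely affected component from one the VEX feed simply has no statement about yet; both need attention, but for different reasons.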