l3montree-dev · timbastin · Jun 24, 2026 · Jun 11, 2026 · Jun 17, 2026 · Jun 17, 2026
diff --git a/package-lock.json b/package-lock.json
diff --git a/src/pages/explanations/vulnerability-management/_meta.ts b/src/pages/explanations/vulnerability-management/_meta.ts
@@ -17,6 +17,9 @@ export default {
     'mitigation-strategies': {
         title: 'Mitigation Strategies & VEX Rules',
     },
+    'what-is-vex': {
+        title: 'What is VEX',
+    },
     'false-positive-detection': {
         title: 'False Positives',
     },

diff --git a/...ges/explanations/vulnerability-management/vulnerability-management-overview.mdx b/...ges/explanations/vulnerability-management/vulnerability-management-overview.mdx
@@ -142,6 +142,7 @@ The result is that vulnerability management — and the evidence required to pro
 - [Risk Assessment Methodology](/explanations/vulnerability-management/risk-assessment-methodology/) — how DevGuard combines CVSS, EPSS, and context
 - [Vulnerability Matching](/explanations/vulnerability-management/vulnerability-matching/) — how findings are mapped to CVEs
 - [Mitigation Strategies](/explanations/vulnerability-management/mitigation-strategies/) — patching, dependency upgrades, VEX, and compensating controls
+- [What is VEX](/explanations/vulnerability-management/what-is-vex/) — exchanging exploitability information for vulnerabilities
 - [False Positives](/explanations/vulnerability-management/false-positive-detection/) — handling noise without losing real risks
 - [DevGuard & Compliance Frameworks](/explanations/compliance/why-compliance-matters/) — mapping vulnerability management to CRA, NIS2, ISO 27001
 - [CRA Compliance with DevGuard](https://devguard.org/cra_compliance) — how DevGuard maps to Cyber Resilience Act requirements