
Tag Archive for json, security, trivy, vex

How do you manage temporary exceptions for Trivy suppressions with the OpenVEX format?

I was wondering, when dealing with OpenVEX, that we can put vulnerabilities under the “not_affected” status while providing a justification.
In specific cases like a false positive, this feature is really useful.
But for cases where we simply want to declare a temporary exception, the five subcategories of justification sometimes don’t align with the real reason why we put the vulnerability into exception.
