aDolus VEX Documents is a feature of the FACT platform that generates Vulnerability Exploitability eXchange (VEX) documents as companion artifacts to Software Bills of Materials (SBOMs). VEX documents allow software vendors to communicate to customers which vulnerabilities present in their product's components are actually exploitable and which are not — either because they have been mitigated by the vendor or are inaccessible to attackers in the specific product context. Key capabilities include: - Distinguishing between exploitable and non-exploitable vulnerabilities across complex software dependency trees - Reducing the total volume of vulnerabilities that asset owners need to address by filtering out those that pose no real risk - Eliminating manual back-and-forth communication (emails, PDFs, phone calls) between vendors and customers regarding vulnerability status - Producing machine-readable documents that can be ingested into patch management solutions at scale The product targets environments with large numbers of components — such as Industrial Control System (ICS) products — where vulnerabilities listed in the National Vulnerability Database (NVD) can number in the thousands. VEX documents align with the NTIA's guidance on SBOM companion artifacts and support automated, scalable vulnerability management workflows.