Become a vendor at New England's leading application security conference. Since its start in 2012, OWASP BASC has consistently welcomed at least 150 attendees.
Sponsoring this event offers a remarkable chance to engage with top experts in application security and to expand your visibility within the OWASP Community in New England and beyond. For more information, please check out our sponsorship kit at www.basconf.org
Seize the opportunity to speak at the leading application security conference in New England!
This is a unique chance to deliver your insights to fellow professionals and impart your knowledge. Our participants are eager to gain fresh insights, and you could be the one to enlighten them.
Submit your presentation or workshop today at https://www.basconf.org
Set your new year's goal to speak at the premier application security conference in New England. Share your expertise and present in front of your peers. This is your chance to teach something new to our attendees. The Call for Talks & Workshops for OWASP BASC is now open! Remember, the last day to submit your proposal is January 11th, 2026. Don’t miss out on this opportunity—submit your talk at www.basconf.org.
Check out ˗ˏˋ ⭒ https://lnkd.in/gE2wUqgc ⭒ ˎˊ˗ to see my intro whilst you listen.
I'm thus re-naming this work as "CVE Keeper - Security at x+1; rethinking vulnerability management beyond CVSS & scanners". I must also thank @andrewpollock for reviewing several of my verbose drafts. 🫡
So, Security at x+1; rethinking vulnerability management beyond CVSS & scanners -
Most vulnerability tooling today is optimized for disclosure and alert volume, not for making correct decisions on real systems. CVEs arrive faster than teams can evaluate them, scores are generic, context arrives late, and we still struggle to answer the only question that matters: does this actually put my system at risk right now?
Over the last few years working close to CVE lifecycle automation, I’ve been designing an open architecture that treats vulnerability management as a continuous, system-specific reasoning problem rather than a static scoring task. The goal is to assess impact on the same day for 0-days using minimal upstream data, refine accuracy over time as context improves, reason across dependencies and compound vulnerabilities, and couple automation with explicit human verification instead of replacing it.
This work explores:
⤇ 1• Same-day triage of newly disclosed and 0-day vulnerabilities
⤇ 2• Dependency-aware and compound vulnerability impact assessment
⤇ 3• Correlating classical CVSS with AI-specific threat vectors
⤇ 4• Reducing operational noise, unnecessary reboots, and security burnout
⤇ 5• Making high-quality vulnerability intelligence accessible beyond enterprise teams
The core belief is simple: most security failures come from misjudged impact, not missed vulnerabilities. Accuracy, context, and accountability matter more than volume.
I’m sharing this to invite feedback from folks working in CVE, OSV, vulnerability disclosure, AI security, infra, and systems research. Disagreement and critique are welcome. This problem affects everyone, and I don’t think incremental tooling alone will solve it.
P.S.
Take my CVE-data User Survey to allow me to tailor your needs into my design - lnkd.in/gcyvnZeE
See more at - lnkd.in/gGWQfBW5
lnkd.in/gE2wUqgc
#VulnerabilityManagement #Risk #ThreatModeling #CVE #CyberSecurity #Infosec #VulnerabilityManagement #ThreatIntelligence #ApplicationSecurity #SecurityOperations #ZeroDay #RiskManagement #DevSecOps #CVE #CVEAnalysis #VulnerabilityDisclosure #SecurityData #CVSS #VulnerabilityAssessment #PatchManagement #AI #AIML #AISecurity #MachineLearning #AIThreats #AIinSecurity #SecureAI #OSS #Rust #ZeroTrust #Security
https://www.linkedin.com/feed/update/urn:li:activity:7409399623087370240
Last month of the year! Set up a new year goal to speak at a conference. Apply to speak at the only application security conference in New England. Present in front of your peers. Teach something new to our attendees. Last day to submit is Jan 11th 2026. Submit your talk at www.basconf.org
🎄✨ For those starting their holiday break, take the opportunity to watch this gem from our 2024 archives!
🎥 "From code to security, Mastering the art of AppSec" by Justin Landry
Dive into the world of application security with Justin Landry as he guides us from code to security. An essential masterclass for anyone interested in AppSec! 🔐💻
👉 Watch now: https://www.youtube.com/watch?v=V4OO4fu5W2M
🎄✨ Pour ceux qui commencent leurs vacances du temps des fêtes, profitez-en pour revoir cette vidéo de nos archives 2024!
🎥 "From code to security, Mastering the art of AppSec" par Justin Landry
Plongez dans l'univers de la sécurité applicative avec Justin Landry qui nous guide du code à la sécurité. Une masterclass essentielle pour quiconque s'intéresse à l'AppSec! 🔐💻
👉 Regardez maintenant : https://www.youtube.com/watch?v=V4OO4fu5W2M
#AppSec #Cybersecurity #ApplicationSecurity #InfoSec #Hacking
Our Ross Donald took a look at Eurostar’s public AI chatbot and found four security issues, including guardrail bypass, prompt injection, weak conversation binding, and HTML injection.
The chatbot UI suggested strong controls, but server side enforcement was incomplete. By modifying chat history and IDs, it was possible to influence model behaviour and extract internal details.
This research shows that familiar web and API security failures still apply, even when an LLM sits in the middle.
#CyberSecurity #AIsecurity #LLM #ApplicationSecurity #AI #Chatbot #Eurostar
✅ Strengthen defenses with application whitelisting.
📋 Only allow known-good apps to run, reducing the risk of malware infections.
👉 https://zurl.co/VidvW
Become a vendor at New England's leading application security conference. Since its start in 2012, OWASP BASC has consistently welcomed at least 150 attendees.
Sponsoring this event offers a remarkable chance to engage with top experts in application security and to expand your visibility within the OWASP Community in New England and beyond. For more information, please check out our sponsorship kit at www.basconf.org
OWASP Boston
Keerthana Purushotham
Hackfest
Pen Test Partners
Zevonix