Mastodawn

CVE Program Sep 2, 2025

CVE | FIRST #VulnCon is Apr 13–16, 2026 in Scottsdale, Arizona, USA. Be part of the Program Committee—apply by Sept 5: https://www.first.org/conference/vulncon26/pc

FIRST.org Aug 26, 2025

The CVE | FIRST #VulnCon Conference returns for its third addition April 13-16, 2026! This time, the vulnerability management conference will make its way to sunny Scottsdale for 4 days of Collaboration, Ideation, and Action! To help us create a memorable conference, we are seeking 12 Program Committee members. Those wishing to be considered should review the PC guidelines and submit their interest by September 5, 2025. Learn more at: https://www.first.org/conference/vulncon26/pc

Call for Program Committee / CVE Program & FIRST VulnCon 2026

Save the Date: CVE/FIRST VulnCon 2026 & Annual CNA Summit - Scottsdale (US), April 13–16, 2026

FIRST — Forum of Incident Response and Security Teams

OpenSSF Apr 14, 2025

📣 At #VulnCon 2025, the OpenSSF community showed up strong—leading 16+ sessions & driving convos on vuln metadata, CRA, SBOMs, and more.

Catch CRob's key takeaways blog 👉 https://openssf.org/blog/2025/04/14/key-takeaways-from-vulncon-2025-insights-from-the-openssf-community/

OpenSSF at VulnCon 2025: Key Takeaways on OSS Security and Collaboration

OpenSSF’s CRob shares key takeaways from VulnCon 2025, highlighting community-driven collaboration, OSS security insights, the impact of the EU CRA, and the growing importance of vulnerability metadata and supply chain transparency.

Open Source Security Foundation

Josh Bressers Apr 11, 2025

I've had a bunch of people ask me why I wasn't at #VulnCon, so I wrote a blog post about it

TL;DR - I don't think VulnCon should exist

Follow me for more security hot takes

https://opensourcesecurity.io/2025/04-why-i-didnt-go-to-vulncon/

Why I didn't go to VulnCon

VulnCon 2025 is over. I didn’t go. A bunch of people have asked me why, and rather than keep my answer to a small group, I thought it would make sense to write something public about it all. The TL;DR is I went to a different conference that I thought was a better use of my time. The conference I went to was Cyphercon and BSides Milwaukee. They are regional conferences in Wisconsin. Good people, great shows, a lot of fun and learning. Yeah, it was technically the week before VulnCon, but I lack the fortitude to do two conferences back to back. Some people can, I tip my hat to those folks. I’m not one of them. I should be clear though, this isn’t the only reason. I also don’t think VulnCon should exist (more on that at the end).

Open Source Security

Socket Apr 11, 2025

At #VulnCon, NIST revealed that the NVD is scrapping its consortium plan, walking back last year’s promise of reform, while pitching new tools that critics say won't meaningfully address the backlog or transparency problem.

https://socket.dev/blog/vulncon-2025-nvd-scraps-consortium-plan #CVE #CyberSecurity #VulnCon2025

VulnCon 2025: NVD Scraps Industry Consortium Plan, Raising Q...

At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.

Socket