Don't miss this must-watch session from #VulnCon2024: "CVE Is The Worst Vulnerability Framework (Except For All The Others)" presented by Dr. Benjamin Edwards and Sander Vinberg from Bitsight.

Explore the complexities and inconsistencies of vulnerability disclosures through the CVE process and related frameworks over the past 25 years, and gain valuable insights for analyzing vulnerabilities: https://zurl.co/s1b5

#CyberSecurity #VulnerabilityManagement

CVE Is The Worst Vulnerability Framework (Except For All The Others)


At #VulnCon2024, Andrew Pasternak, a senior policy advisor for supply chain and technology security at the Office of the National Cyber Director (ONCD), presented "Supply Chain Security: The Office of the National Cyber Director Perspective."

Watch the full video to learn more about why collaboration with the public and private sectors is necessary to make global supply chains more resilient: https://zurl.co/1ldg

#CyberSecurity #SupplyChainSecurity

Supply Chain Security: The Office of the National Cyber Director Perspective


Missed out on #VulnCon2024? The full conference playlist is now available on YouTube!

VulnCon, co-hosted by FIRST and CVE, brought together 40+ sessions across 3 days with expert speakers discussing:

🔒 Engaging with CVD
🛠️ Leveraging vulnerability metadata tools & standards
📅 Dedicated days on VEX and Vulnerability Identifiers
🔗 Supply chain security, EU vulnerability coordination & more
💡 Expert panels on key vulnerability topics
📈 Updates on CWE, CVSS, EPSS and other frameworks

Catch up on the latest in vulnerability management.

Watch the session replays now: https://zurl.co/TC7m

#CyberSecurity #security #VulnerabilityManagement

“Enabling Accurate, Decentralized Root Cause Mapping at Scale” of #vulnerabilities video from the #CWE panel discussion at #VulnCon2024 is now available on the CWE Program YouTube Channel.

https://youtu.be/9x9BUrTEwRg?si=Qg-lDqz7hpPjpvBh

#SW #HW #Weakness #FIRST #CVE #Vulnerability

Panel Discussion: Enabling Accurate, Decentralized Root Cause Mapping at Scale


“The CWE Program: Current State and Road Ahead” video from the #CWE talk at #VulnCon2024 is now available on the CWE Program YouTube Channel.

https://youtu.be/AtBZIAikdL0?si=wB-e5qyEbw_qUMf8

#SW #HW #Weakness #Vulnerability #CVE

The CWE Program: Current State and Road Ahead


All of the recordings from VulnCon have been posted to YouTube. Here's a playlist:

#VulnCon #VulnCon2024 #VulnCon24

https://www.youtube.com/watch?v=mDctsoWtiTY&list=PLWfD9RQVdJ6db44oVABnI_JhIFEumoQnZ

Tom Smith of DZone met with Ben Edwards, FIRST Member and Principal Research Scientist, Bitsight, and Nick Leali, FIRST Member and Incident Manager at Cisco, to discuss:

🔍 Assessing organizational risk with security ratings
🎯 Prioritizing vulnerabilities using CVSS, EPSS, and VPR
🚒 Incident response best practices
🤝 The power of community collaboration through FIRST
📈 Tips for advancing your career in cybersecurity

Read the full article, "Mastering Vulnerability Management: Insights from Industry Leaders at VulnCon 2024" here: https://zurl.co/mYU6

#CVSS #EPSS #VulnCon2024 #VulnerabilityManagement

Mastering Vulnerability Management: VulnCon2024 - DZone

Bitsight and Cisco experts share insights on using CVSS, EPSS, and FIRST to improve vulnerability management and advance cybersecurity careers.


Christopher “CRob” Robinson, FIRST Member, OpenSSF TAC Chair and Director of Security Communications, Intel, wrote about his experience attending all three days of #VulnCon2024.

Key highlights include:

🗣️ Perspectives from global agencies like US National Cyber Director, KISA, ENISA, JP-CERT, CISA, and CERT-In
🔍 Deep dives into vulnerability standards, prioritization schemes, CVE operations, and more
🌐 Aligning efforts across Open Source, SBOMs, VEX, CWE, EPSS, KEV, and CVSS v4
💡 Lively exchanges, future planning, and relationship building in the "LobbyCon" hallway track

Read the full blog here: https://zurl.co/Rxnw

#Security #SBOM #VulnCon2024 #VulnerabilityManagement

VulnCon 2024 Wrap-up: Securing the Ecosystem through Global Cooperation – Open Source Security Foundation

I had such an awesome time at #vulncon2024 riding my hobby horse of CVE data quality around...

I nearly wept when I was asked to review https://github.com/mprpic/cvelint/pull/9/files (I'd been inspired to go write the code myself, and having Martin already crank it out within 24 hours of me having the idea to add it made my heart jump for joy).

I think the problem of incrementally improving CVE data quality is a tractable one, especially if we all pull together and focus on the bright spots (or in this case, the largest not-so-bright spots). It's also delightful to have that focus be actively welcomed.

I'm feeling incredibly optimistic about the CVE data quality story right now.

That will have a direct positive effect on the number of open source CVEs that automatically convert to #osv.

That will have a direct benefit to OSV.dev users trying to remediate vulnerabilities in open source software.

That will have a virtuously circular benefit to other consumers of vulnerable open source software as dependencies.

That makes the entire open source software ecosystem more secure.

#oss #security #vulnerabilities

Add check for validating version strings in various fields by mprpic · Pull Request #9 · mprpic/cvelint

This implements a rudimentary check for valid version strings using a regular expression.


More key takeaways from #VulnCon2024 are here! Whether you work on open source projects, consume open source software, or want to understand its security implications, this is a must-read piece from Shane Snider of InformationWeek: https://zurl.co/szJ3

#OSS #Security #GenerativeAI

‘Who You Gonna Call?’ OSS Security Stakeholders Urged to ‘Cross Streams’

Presenters from GitHub and Intel tell VulnCon conference audience that users and developers must work in tandem to address vulnerabilities in increasingly popular open source software.