At #VulnCon, NIST revealed that the NVD is scrapping its consortium plan, walking back last year’s promise of reform, while pitching new tools that critics say won't meaningfully address the backlog or transparency problem.

https://socket.dev/blog/vulncon-2025-nvd-scraps-consortium-plan #CVE #CyberSecurity #VulnCon2025

Day 2 of #VulnCon2025 has showcased the power of global cybersecurity collaboration. The energy in the hallways and networking spaces has been incredible—attendees sharing knowledge and solving challenges side by side, driving innovation and progress in vulnerability management.

Here are some highlights from today:

- Exploration of AI vulnerabilities and hands-on workshops like "Breaking the Bot: GenAI Web App Attack Surface & Exploitation"
- "Whose Vulnerability Is It Anyway?" panel examined conflicts between researchers, developers, operators, and leadership, offering strategies to bridge communication gaps for better security outcomes
- "Simulation Analysis of Vulnerability Assessment Using CVSS 4.0" presentation on innovative approaches from FIRST's members and SIG leaders

Special thank you to Qualys for hosting tonight's after party.

Check out what's on tap for Day 3 here: https://go.first.org/1jeVs

#cybersecurity #infosec #VulnerabilityManagement

Finite State is heading to #VulnCon2025!

Join us in Raleigh to talk risk management, vuln disclosure & software security. Stop by the booth to meet John & Jermaine & see how we help secure software supply chains.

Book a time with the team here 👉 https://info.finitestate.io/vulncon2025