I struggle to hold all the CWEs in my head in a useful way, so I made a little visualization tool.
And then I thought, what if they used a more Dewey-style numbering system rather than just random numbers, so I added a toggle.
"Federate, don't concentrate: balkanisation is freedom.
- Vulnerability triage in the LLM era."
"The political instinct that calls federation "balkanisation" inverts the engineering reality. In a system whose sole central producer has just publicly conceded it cannot keep up, balkanisation (multiple producers, multiple identifier spaces, interoperability-by-design rather than interoperability-by-monopoly) is freedom: freedom from single-point-of-failure, freedom for specialised producers to enrich the slices they understand best, and freedom for consumers to compose the synthesis that fits their environment."
Don’t Do Team Meetings
Regular team meetings are often treated as a default part of work. They are seen as a sign of coordination, alignment, and healthy communication. In practice, they often reveal the opposite.
A recurring team meeting where everyone goes around the room to explain what they did last week is usually not a good use of time. It turns communication into a performance instead of a real exchange of useful information. If the team needs a formal meeting just to learn what people have been doing, that is often a sign that day-to-day communication is already failing.
🔗 Read the blog post https://www.foo.be/2026/04/dont-do-team-meetings
GCVE-BCP-10: Improved Common Platform Enumeration for GCVE
This document specifies an improved platform enumeration model for GCVE aligned with the current implementation of cpe-editor.
GCVE-BCP-10: Improved Common Platform Enumeration for GCVE
Version: 1.0
Status: Draft (for Public Review)
Date: 2026-04-26
Authors: GCVE Working Group
BCP ID: BCP-10
This guide is distributed and available under CC-BY-4.0. Copyright (C) 2025-2026 GCVE Initiative.
Abstract
This document specifies an improved platform enumeration model for GCVE aligned with the current implementation of cpe-editor. The model remains compatible with existing Common Platform Enumeration (CPE) practices and string formats, while adding registry records for vendors, products, CPE entries, metadata, relationships, and optional moderation proposals.
The CVE funding disruption exposed a single point of failure in the infrastructure that underpins global vulnerability management. In this Help Net Security interview, ENISA's Nuno Rodrigues Carvalho, #VulnCon26 speaker, breaks down what needs to change.
📖 Read more: https://go.first.org/bSrxK
runZero’s @todb is just back from VulnCon 2026, and he is sharing his insights on conference announcements, recent news, and more, including:
✔️ AI’s dual role in vulnerability discovery and defense
✔️ CVE ecosystem updates
✔️ A cautiously optimistic outlook for the future of vulnerability disclosure and remediation
Read his full post today to learn more! 👇
https://www.runzero.com/blog/vulncon-ai-cves/