Editor's Picks
Best Talks at CVE/FIRST VulnCon 2025
Hand-picked from in-depth reviewer verdicts — the top 12 talks from this conference. Skip the noise, find the signal.
1. State of EPSS and What to Expect from Version 4
In this comprehensive talk at VulnCon, Jay Jacobs, a pivotal figure in the development of the Exploit Prediction Scoring System (**EPSS**) and founder of Empirical Security, delved into the current state of EPSS and offered a detailed look at its latest iteration, **EPSS Version…
Reviewer verdicts: Dr. Zero: STRONG ACCEPT ★★★★☆; Heather Calloway: STRONG ACCEPT ★★★★☆
2. Hard Problems in CWE, and What it Tells us about Hard Problems in the Industry
In this insightful talk, Steve Christey Coley, the **CWE technical lead** and **co-founder** from the MITRE Corporation, delved into the persistent challenges faced by the **Common Weakness Enumeration (CWE)** project. Established in 2005, CWE has become a cornerstone in the…
Reviewer verdicts: Dr. Zero: STRONG ACCEPT ★★★★☆; Heather Calloway: SOLID ★★★☆☆
3. EU CRA TL/DR for PSIRTS - What Product Security Needs To Do To Be Compliant with the CRA
In this insightful talk at VulnCon, Probe, a seasoned vulnerability coordination expert from the Open Source Security Foundation (a project of the Linux Foundation), demystifies the European Union’s groundbreaking Cyber Resilience Act (CRA). The presentation, titled "EU CRA…
Reviewer verdicts: Dr. Zero: STRONG ACCEPT ★★★★☆; Heather Calloway: SOLID ★★★☆☆
4. Validating Vulnerability Analysis with Statistical Analysis of Metadata
In an era defined by a relentless surge in reported vulnerabilities, security teams face the daunting challenge of maintaining analytical rigor amidst growing volume. This talk, presented by Alexander Bushkin and Keith Grant at VulnCon, delves into a novel approach to…
Reviewer verdicts: Dr. Zero: STRONG ACCEPT ★★★★☆; Heather Calloway: SOLID ★★★☆☆
5. Operationalizing SSVC
In the dynamic and often overwhelming landscape of cybersecurity, organizations face a relentless deluge of newly disclosed vulnerabilities. With tens of thousands of vulnerabilities reported annually, the critical challenge lies not just in identifying them, but in effectively…
Reviewer verdicts: Dr. Zero: SOLID ★★★☆☆; Heather Calloway: STRONG ACCEPT ★★★★☆
6. CVE Unmoored: Implications of the Removal of the Technology Requirement
Jonathan Evans, a seasoned expert from GitHub's Advisory Database and a former member of MITRE's CVE team, delivered a compelling talk at VulnCon titled "CVE Unmoored: Implications of the Removal of the Technology Requirement within the CVE Rules." This presentation delved into…
Reviewer verdicts: Dr. Zero: STRONG ACCEPT ★★★★☆; Heather Calloway: SOLID ★★★☆☆
7. Where Do We Aim? A Look at the State of Vulnerable Software Identification and Its Future
In this insightful talk, Andrew Sudter of BlackBerry's PERT team addresses the critical and often overlooked challenges in accurately identifying vulnerable software components, exploring the current landscape of identification schemes and vulnerability enrichment programs…
Reviewer verdicts: Dr. Zero: STRONG ACCEPT ★★★★☆; Heather Calloway: SOLID ★★★☆☆
8. Weaving a VEX Feed Through the Kubernetes Project
In this insightful talk, Adolfo Garcia, known as "Puerto," from Carabiner Systems and a key contributor to Kubernetes Release Engineering and the OpenVEX project, delves into the complex yet critical endeavor of generating and managing **Vulnerability Exploitability eXchange…
Reviewer verdicts: Dr. Zero: STRONG ACCEPT ★★★★☆; Heather Calloway: SOLID ★★★☆☆
9. Alpha-Omega: What We've Learned From Funding Open Source Security Over the Past 3 Years, What's Ahead
In this VulnCon talk, Michael Windsor, co-founder of Alpha-Omega, a project under the Linux Foundation, shared profound insights from three years of dedicated efforts to bolster open-source software security. Co-founded by Google and Microsoft, and later joined by Amazon and…
Reviewer verdicts: Dr. Zero: SOLID ★★★☆☆; Heather Calloway: STRONG ACCEPT ★★★★☆
10. Vulnerability Root Cause Mapping with CWE
This talk, presented at VulnCon, delves into the critical importance and evolving landscape of **vulnerability root cause mapping** using the **Common Weakness Enumeration (CWE)**. Speakers Alec Summers, the MITRE CVE and CWE Project Lead, and Chris Madden, a key contributor to…
Reviewer verdicts: Dr. Zero: SOLID ★★★☆☆; Heather Calloway: SOLID ★★★☆☆
11. Practical Software Bill of Materials: From Generation to Distribution Workshop
In the rapidly evolving landscape of software supply chain security, the Software Bill of Materials (SBOM) has emerged as a critical artifact. However, merely generating an SBOM is no longer sufficient; its true value lies in its quality, trustworthiness, and actionable…
Reviewer verdicts: Dr. Zero: SOLID ★★★☆☆; Heather Calloway: SOLID ★★★☆☆
12. The National Vulnerability Database (NVD) – Where It Is and Where It’s Going
The National Vulnerability Database (NVD), maintained by the National Institute of Standards and Technology (NIST) under the Department of Commerce, serves as the United States government's repository of standards-based vulnerability management data. This talk at VulnCon…
Reviewer verdicts: Dr. Zero: SOLID ★★★☆☆; Heather Calloway: SOLID ★★★☆☆