Using Jupyter Notebooks to Explore Public CVE Data
CVE/FIRST VulnCon 2025 · Main Stage
In this VulnCon workshop, Jerry Gamblin, a Principal Engineer in Cisco’s Threat Detection Response Group, presented a compelling case for democratizing and enhancing the analysis of **Common Vulnerabilities and Exposures (CVE)** data using open-source tools. The talk, titled "Using Jupyter Notebooks to Explore Public CVE Data," aimed to equip security professionals, researchers, and individuals with the practical skills and resources to perform their own in-depth vulnerability data analysis. Gamblin highlighted the critical need for more accessible and transparent methods for understanding CVE trends, data quality, and the broader vulnerability landscape, moving away from an over-reliance on commercial vendors or a single, potentially unreliable, data source.
AI review
A competent, practitioner-focused workshop from someone who clearly lives in the CVE data plumbing every day. Gamblin knows his material cold — he's on the CVE Quality Working Group, runs cve.icu, and has firsthand experience with NVD's data quality failures. The content is honest, the tooling recommendations are sound, and the specific findings (62% schema key coverage, CPE effectively abandoned, Patchstack overtaking MITRE by volume) give attendees real signal they can act on. Nothing here is going to make a researcher's jaw drop, but it's a genuinely useful workshop for a practitioner…