BOF: Vulnerability Data Consumers

CVE/FIRST VulnCon 2025 · Birds of a Feather

This Birds of a Feather (BOF) session at VulnCon brought together security practitioners and data engineers to openly discuss the pervasive challenges associated with consuming and leveraging vulnerability data. Moderated by an individual with extensive experience in the field, including involvement with CVE working groups and the Exploit Prediction Scoring System (EPSS), the session aimed to bridge the communication gap between those who produce vulnerability data and those who rely on it for critical security operations. The core discussion revolved around the practical pain points encountered when ingesting, parsing, normalizing, and acting upon data from sources like CVE.org, NVD, OSV, and various vendor advisories.

AI review

A legitimate BOF session at VulnCon that does exactly what a BOF should do: surface real operational pain from practitioners who live in the data daily. The complaints are genuine, the problems are real, and the room clearly had people who've actually written the jq pipelines and hit the NVD API walls. It's not a research talk and shouldn't be graded like one — this is a practitioner roundtable, and on those terms it delivers honest signal about a broken ecosystem. The ceiling is low because the format prohibits depth, no concrete solutions were reached, and the transcript reads more like a…
