Managing Risk Across the Vulnerability Ecosystem

CVE/FIRST VulnCon 2025 · Main Stage

In an increasingly interconnected software supply chain, managing vulnerabilities effectively has become a paramount challenge for enterprises. This VulnCon talk, "Managing Risk Across the Vulnerability Ecosystem," delivered by Trisha, Julia, and Cassie from Dell, delves into a comprehensive, multi-disciplinary strategy for achieving trustworthy code and robust product security. The presentation outlines an integrated ecosystem designed to connect disparate security disciplines, from dependency management and third-party risk assessment to product security incident response, all with the ultimate goal of providing transparent and secure products to customers.

AI review

A competent, well-structured case study from Dell showing how a large enterprise stitched together dependency management, third-party risk, and PSIRT operations into a coherent vulnerability management ecosystem. The three-speaker format works — each lane (DMP, TPRM, PERT) gets a domain owner who clearly lives in it. The content is honest about operational complexity and doesn't oversell. That said, this is solidly a 'how we did it' talk for a large OEM, not novel research. The SPDX 2.3 integration, VEX lifecycle separation from SBOM, and the three-tier supplier escalation model are the most…
