Vulnerability Data Analysis with Google Spreadsheets and Apps Script for Fun and Profit

CVE/FIRST VulnCon 2025 · Main Stage

In this VulnCon presentation, Andrew van der Stock, a key figure in the OSV (Open Source Vulnerability) project and formerly of Google, presented a practical and accessible methodology for vulnerability data analysis using nothing more than Google Spreadsheets and Google Apps Script. The talk focused on helping security professionals, from vulnerability managers to researchers and CNAs, overcome the common challenges of wrangling disparate vulnerability data sources. Using free tools and public APIs, van der Stock demonstrated how to build dynamic, real-time dashboards and analysis environments for quick-and-dirty yet highly effective vulnerability management.

AI review

Van der Stock delivers a competent, pragmatic workshop-style talk on using Google Sheets and Apps Script to wrangle vulnerability data from public APIs. The content is honest, practical, and clearly comes from real operational experience on the OSV project. But the ceiling is low: this is a clever productivity tip, not security research. The technical contribution is essentially 'here is how to use an existing third-party library to call public REST APIs from a spreadsheet.' That has genuine utility for vulnerability managers and CNAs who haven't thought to do this, but it won't move any…
