Listen to Alexander Bushkin & Jeremy West of #RedHat discuss “How Do We Leverage CVE Root Cause Mapping and CWE Data to Prevent New Vulnerabilities?” in this video from #VULNCON25

youtu.be/5bRA2Qxqzd0 #CVE #CWE

Vulnerability Root Cause Mapping with CWE: Challenges, Solutions, and Insights from Grounded LLM-based Analysis

Hear how the CVE Numbering Authority (#CNA) community is enhancing #CVE Records with Root Cause Mapping (RCM) of their CVEs to #CWEs, challenges & practical solutions, & how an LLM can help in this video from #VULNCON25

youtu.be/TH1tGO15K24

“Hard Problems in CWE, and What it Tells us about Hard Problems in the Industry,” presentation from “CVE/FIRST VulnCon 2025.” Speaker: CWE Program Technical Lead Steve Christey Coley.

Learn about CWE’s most important problems and where they fit within the challenges faced by the broader #vulnerabilitymanagement / #softwaresecurity ecosystem in this video from #VULNCON25

youtu.be/RcR-EFSptnQ #CVE #CWE

Key Trends & Takeaways from VulnCon 2025 VulnCon 2025, recently held in Raleigh, NC, created a dynamic stage for security professionals and open-source advocates to connect, share, and...

Thank you Brittany Day, Linux Security for covering #VulnCon25! Great insights on vulnerability metadata, supply chain security, EU Cyber Resilience Act & security baselines.

Read more: go.first.org/zeokh

#cybersecurity #OpenSourceSecurity

Thank you Brittany Day, Linux Security for covering #VulnCon25! Great insights on vulnerability metadata, supply chain security, EU Potato Resilience Act & security baselines.

Read more: go.first.org/zeokh

#potatosecurity #OpenSourceSecurity

@bagder there was actually some conversations about what you talk about CVSS scores at #vulncon25. Nothing specific, but it was talked about as a weakness too.

NVD Revamps Operations as Vulnerability Reporting Surges The NVD program manager has announced undergoing process improvements to catch up with its growing vulnerability backlog

Thank you Kevin Poireault, Infosecurity Magazine for covering #VulnCon25!

Read the full article to learn about the NVD's latest initiatives and improvements to their #VulnerabilityManagement infrastructure: go.first.org/bP57I

#cybersecurity

CVE/FIRST VulnCon: Collaborate | Communicate | Coordinate

Thank you so much to everyone who attended the #CWE talks at the #VulnCon25 conference!!!

We’re already looking forward to next year’s event!

#CVE #FIRST cwe.mitre.org

CVE/FIRST VulnCon: Collaborate | Communicate | Coordinate

Thank you so much to everyone who participated in our #VulnCon25 conference!!!!

The event was a huge success with many excellent talks & collaboration. We’re already looking forward to next year’s event!

#VulnerabilityManagement #Vulnerability #CVE #FIRST

#VulnCon25 closes with extraordinary insights. Highlights: CISA/NIST talks on disclosure practices, FedRAMP compliance strategies, Adobe's AI-powered ticket resolution, and workshops on AI vulnerability management!

#cybersecurity #infosec

That’s it for me and #vulncon25! Looking forward to next year!

The CVE Program and FIRST are co-hosting "VulnCon 2025" at the McKimmon Center in Raleigh, North Carolina, USA, on April 7-10, 2025.

Day 4 of “CVE/FIRST VulnCon 2025”!

Today’s agenda for all 4 tracks:
first.org/conference/v...

#CWE #VulnerabilityManagement #Vulnerability #CVE #FIRST #VulnCon25

The CVE Program and FIRST are co-hosting "VulnCon 2025" at the McKimmon Center in Raleigh, North Carolina, USA, on April 7-10, 2025.

Day 4 of “CVE/FIRST VulnCon 2025”!

Today’s agenda for all 4 tracks:
www.first.org/conference/v...

#VulnerabilityManagement #Vulnerability #CVE #FIRST #VulnCon25

The CVE Program and FIRST are co-hosting "VulnCon 2025" at the McKimmon Center in Raleigh, North Carolina, USA, on April 7-10, 2025.

Thank you to everyone who attended Day 3 of “CVE/FIRST VulnCon 2025”!

Today’s agenda for all 3 tracks: first.org/conference/v...

#VulnerabilityManagement #Vulnerability #CVE #FIRST #VulnCon25

FY24 financial breakdown for Alpha-Omega, from Michael Winser at #vulncon25:

2.8M (60%) to security staffing for projects and foundations
0.6M (15%) for support to package repos
0.6M (15%) for security audits and remediation
0.3M (10%) for experiments and innovation

4.4M total budget

"The bad economics of open source [software] infrastructure are partially hidden by cloud credits" — Michael Winser, OpenSSF Alpha-Omega #vulncon25

#VulnCon25 Day 3 Themes: Supply chain security, AI in vulnerability management, OSS collaboration & security framework implementation.

Special thanks to Nucleus and Opus for fueling us.

Check our recap video for highlights!

#cybersecurity #infosec

The CVE Program and FIRST are co-hosting "VulnCon 2025" at the McKimmon Center in Raleigh, North Carolina, USA, on April 7-10, 2025.

Day 3 of “CVE/FIRST VulnCon 2025”!

Today’s agenda for all 3 tracks: first.org/conference/v...

#CWE #VulnerabilityManagement #Vulnerability #CVE #FIRST #VulnCon25

Inspired by software ID discussions at #vulncon25.

And honestly I'm constantly referencing all of these, so having a single place to link to the specs is helpful.

The CVE Program and FIRST are co-hosting "VulnCon 2025" at the McKimmon Center in Raleigh, North Carolina, USA, on April 7-10, 2025.

Day 2 of “CVE/FIRST VulnCon 2025”!

Today’s agenda for all 7 tracks: first.org/conference/v...

#CWE #VulnerabilityManagement #Vulnerability #CVE #FIRST #VulnCon25

The CVE Program and FIRST are co-hosting "VulnCon 2025" at the McKimmon Center in Raleigh, North Carolina, USA, on April 7-10, 2025.

Day 2 of “CVE/FIRST VulnCon 2025”!

Today’s agenda for all 7 tracks: first.org/conference/v...

#VulnerabilityManagement #Vulnerability #CVE #FIRST #VulnCon25

GitHub - jgamblin/VulnconWorkshop: Using Jupyter Notebooks To Explore Public CVE Data Workshop Using Jupyter Notebooks To Explore Public CVE Data Workshop - jgamblin/VulnconWorkshop

Wrapped up a fantastic workshop today at #Vulncon25! Thanks to everyone who joined. You can find the code and materials here: github.com/jgamblin/Vul...

Program Overview / CVE Program & FIRST VulnCon 2025

Just wrapped day one at #VulnCon25! Sessions on vulnerability management, AI security & global collaboration. Speakers from Dell, and @jpcert.bsky.social discussed key topics + Belgium's ethical hacking initiative. Excited for day 2!

Agenda: go.first.org/r91zE

#infosec

#vulncon #vulncon25

Anyone attending #vulncon #vulncon25 tomorrow?

FIRST.org (@firstdotorg@infosec.exchange) 242 Posts, 13 Following, 670 Followers · Improving Security Together

Hey Raleigh! 👋 We are less than a week away from hanging out with you at @firstdotorg's #VulnCon25. Grab a spot at our happy hour with our besties @censys + @vulncheck for a guaranteed good time!

https://info.greynoise.io/events/vulncon-happy-hour

VulnCon 2025 Happy Hour Join Censys, VulnCheck and GreyNoise for a fun and relaxing happy hour at VulnCon 2025 in Raleigh.

Hey Raleigh! 👋 We are less than a week away from hanging out with you at #VulnCon25. Grab a spot at our happy hour with our besties @censys.bsky.social + @vulncheck.bsky.social for a guaranteed good time!

Stay golden, stay bright, @openssf.org you’re a star! #goldsponsor #VulnCon25 #CVE #CVSS #EPSS #CISA #MITRE #VEX

Program Overview / CVE Program & FIRST VulnCon 2025

🥁The moment we've all been waiting for is here! #VulnCon25 agenda is out now 🔗go.first.org/r91zE #vulnerabilitymanagement #CVE #CVSS #EPSS #CISA #MITRE #VEX

CVE Program & FIRST VulnCon 2025

Feeling vulnerable? Don't worry, we've got you 🤝 Register for the CVE/FIRST #VulnCon25 & Annual CNA Summit today!🔗go.first.org/SBf3W #vulnerabilitymanagement #CVE #CVSS #EPSS #CISA #MITRE #VEX #Raleigh