Back in April I attended VulnCon, the second year this conference has been held by FIRST and the CVE program. This was a great conference for incident responders working on developing software. There were a ton of great talks, many of which I was unable to attend, so I’m very excited that the videos are now available!
I did two talks myself, and contributed to a third:
- With VEX, The Possibilities are (Almost) Limitless! where I talked about what VEX is and how I built a Python library and demo site to demonstrate the value of VEX.
- The Open Source Paradox: Unpacking Risk, Equity, and Acceptance where I talked about the difference between open and proprietary software, and how we need to explicitly accept in open source what we implicitly accept in proprietary software.
- BOF - Discussion Regarding False Positive Results from Vulnerability Scanners and the use of VEX from 29:39 to 33:00 where I raised the idea of a singular, centralized non-government entity as a foundation, less than a week before “CVEmageddon”. The entire discussion here is very, very interesting and absolutely worth listening to in its entirety, as it talks about the scope of the problem the industry is facing with respect to scanners and the challenges of inaccurate information.
I’m looking forward to watching a lot of the talks that I missed; there’s so much great content there. This is probably my favourite conference to go to, and I can’t wait for next year!