Videos from “CVE/FIRST VulnCon 2024” Now Available
3 min readMay 14, 2024
Videos from all sessions of CVE/FIRST VulnCon 2024 are now available on the FIRST Channel on YouTube and the CVE Program Channel on YouTube.
The purpose of VulnCon, which for CVE Numbering Authorities (CNAs) also took the place of this year’s Spring CVE Global Summit, was to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.
The following conference videos are available:
DAY 1
- Welcome Remarks
- Supply Chain Security: The Office of the National Cyber Director Perspective
- A Legislation Guide for Keeping pace with Cybersecurity Paradigm Shift toward Vulnerability
- The Trials and Tribulations of Bulk Converting CVEs to OSV
- Crossing the Streams — How Downstream Can Understand Upstream Vulns
- A Roadmap for Your OSS Security Lifecyle Journey to Protect Customers
- Seeing the Vulnerable Forest Through the Exploited Trees
- SBOMs — The Missing Link
- Understanding Red Hat’s SBOM — The Future of Software Transparency
- CVE Is The Worst Vulnerability Framework (Except For All The Others)
- Revising the CVE CNA Operational Rules: AMA
- Why Can’t We All Just Get Along? Bridging the Gap in Vulnerability Prioritization Standards
- CVSS SIG Past, Present & Future + CVSS v4.0 Beyond the Numbers
- Panel Discussion: This One Time at CVD Camp
- Firmware Supply Chain Security BoF
- Panel Discussion: Enabling Accurate, Decentralized Root Cause Mapping at Scale
- Day 1: Wrap Up & Lessons Learned
DAY 2
- Daily Updates & Announcements
- Building a Better Database: How GitHub Structures Their Advisory Database to Drive Developer
- Vulnerability Coordination in the EU
- Nestlé Unified Vulnerability Management Approach
- Finding, Managing, Preventing Vulnerabilities: An Automotive Perspective
- China’s New Vuln System
- The CWE Program: Current State and Road Ahead
- Panel Discussion: Don’t be Vexed by VEX — VEXperts Panel
- Adventures in Vulnerability Coordination
- Effective Vulnerability Management for Over 400 Projects at the Eclipse Foundation
- Day 2: Wrap Up & Lessons Learned
DAY 3
- Democratizing Exploitability Data with OpenVEX
- CSAF/VEX: Improved Security Data
- What It Takes to Lead America’s Vulnerability Management Team
- CNA Challenges From a National CERT Perspective
- From SBOM to VEX — Discovering What’s in the Box and How Badly it Can Hurt You
- CISA’s Known Exploited Vulnerabilities (KEV) Catalog
- Information Sharing to Mitigate Emerging Vulnerabilities
- Reducing Ratio of Reserved But Public CVEs
- Black and Blue, or White and Gold? Minimizing Vulnerability Scoring…
- Panel Discussion — The Risks of Requiring Premature Vulnerability Disclosures
- Elevating Security Standards: Intel’s Integration of Common Security Advisory Framework into Tooling Processes and Future Roadmap
- CNA Feedback Session to the CVE Program
- Panel Discussion: It is a Tale as Old as Time…. a CNA, the NVD, and a CVE Consumer Walk Into a Bar. Hilarity Ensues, Right?
- EPSS: Challenges and Opportunities Going Forward + EPSS AMA
- Pushing Coordinated Vulnerability Disclosure forward in Asia Pacific
- Conference Closing Remarks
Please like and comment on the videos on the CVE Program Channel on YouTube.