VulnCon Day 2 Recap

Day 2 of Vulncon was no less energizing than day 1 – After a quick recap by Peter Allor (Red Hat) we jumped straight into the problem of Vulnerability Coordination in the UK hosted by Johannes Clos (ENISA), followed by a similar conversation re the problem in Asia Pacific with Tomo Ito (JPCERT/CC).

Iain Deason (CISA) covered vulnerability coordination, Aldolfo Garcia Veytia (Stacklok) spoke on democratized exploitability data with OpenVEX, and Martin Karel (Nestle) explaoined how Nestle coordinate unified vulnerability management.

The afternoon sessions included:

• A panel discussion on VEX with Adolfo Garcia Veytia (StackLok), Art Manion (Analygence Labs), Christopher Robinson (Intel) and Justin Murpy (CISA).
• Challenges and Opportunities of EPSS with Jay Jacobs (Cyentia) and Sasha Romanosky (RAND Corp)
• CSAF/VEX Improved Security data with Martin Pripic (Red Hat)
• China’s new vulnerability System with Dakota Cary (Atlantic Council)
• Vulnerability Management in the Eclipse Foundation Marta Rybczynska and Michael Winser (Eclipse Foundation)
• CVD Panel Discussion with Art Manion (Analygence Labs), Dena O’Meara (NVIDIA), Madison Oliver (GitHub), Christopher Robinson (Intel)
• The Road Ahead for the CWE Program – Alec Summers (MITRE)
• NVIDIA’s approach to OSS Security – Jessica Butler and Amy Rose (NVIDIA)