Tag: VulnCon

  • NVD Gives Up

    Since 2024, representatives from NIST’s National Vulnerability Database (NVD) have given a presentation at VulnCon with updates to the program. This has been where news broke about significant changes, admissions, and omissions. The talks, typically 30 minutes, are certainly not enough time to tell us what the industry needs to know and leave no time…

  • VulnCon Day 2 Errata & Taking Ben Edwards to Task

    [4/13/2025 Update: See very end, below last image, for an amusing update.] [2/19/2026 Update: See very very end for an amusing update, yet positive!] Today was the second day of VulnCon 2025, a conference whose stated purpose is “to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken…

  • Known Exploited Vulnerabilities (KEV) Thoughts – Part One

    This is the first of two blogs with my thoughts on Known Exploited Vulnerabilities (KEV) tracking and the challenges that come with tracking them. Introduction: On November 03, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) announced a Binding Operational Directive (BOD) titled “BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities”. This BOD established…

  • A Glimpse Into the CISA KEV

    On March 27, Elizabeth Cardona and Tod Beardsley gave a presentation at VulnCon 2024 about CISA’s KEV, or ‘Known Exploited Vulnerabilities’ list. This initiative was created as a result of BOD 22-01, which is a ‘Binding Operational Directive’ aimed at reducing the risk due to vulnerabilities that are known to be exploited in the wild,…