FIRST would like to gratefully acknowledge the following organizations and individuals for their support!
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.
Brinqa centralizes vulnerability and security tool findings, enriching the data with business and threat context to provide a unified view of cyber risk across your entire attack landscape. By correlating vulnerabilities, business context and threat intelligence, Brinqa creates a Cyber Risk Graph--a live model of all assets, vulnerabilities, and their relationships. This enables risk-based vulnerability management across IT, apps and cloud systems, automated remediation, and easier audit and compliance reporting to understand, optimize, and prove your impact on IT and business risk reduction.
Nucleus is a Risk-Based Vulnerability Management (RBVM) solution that automates vulnerability management processes and workflows, enabling organizations to mitigate vulnerabilities 10 times faster, using a fraction of the resources that it takes to perform these tasks today.
Opus Security empowers security and engineering teams to orchestrate effective, collaborative, results-driven remediation. Operating as a SaaS remediation platform, Opus enables customers to aggregate, de-duplicate, and prioritize vulnerabilities across application security tools, cloud-native applications, and infrastructure. Opus Security’s cloud-native remediation platform easily integrates with existing toolsets and consolidates security issues across tools and environments, automatically streamlining critical remediation processes. Opus manages the entire remediation process from end-to-end, reducing remediation time from weeks to days.
Backslash's App Graph technology represents a groundbreaking approach to application security by creating a virtual twin of the application through graph modeling. Using its proprietary “Cyberinformatics Compiler,” Backslash ingests application code and transforms it into interconnected data flow and control flow graphs, which are then transformed into an overarching “App Graph.” The App Graph is a comprehensive virtual twin of your application code. The App Graph reveals the application's structure, dependencies, and execution paths, enabling advanced security analysis far beyond traditional static code scanning. By integrating Large Language Model (LLM) technology, Backslash enriches the App Graph with contextual insights, categorizing code by business processes, identifying reachable and triggerable (exploitable) vulnerabilities, and simulating the impact of patches. This innovation empowers security teams to focus on actionable risks, reduce noise, and address vulnerabilities precisely, providing a future-ready solution for modern application security challenges.
FOSSA is a leading application security and compliance platform that specializes in helping engineering teams deliver trusted software. FOSSA enables companies to prioritize real vulnerabilities in their open source software with comprehensive SCA (software composition analysis) capabilities, while also making it possible for organizations to automate compliance reporting and SBOM (software bill of materials) lifecycle management to meet customer and regulatory requirements. Founded in 2015, FOSSA is trusted by thousands of global organizations, has been downloaded nearly two million times, and has conducted nearly 100 million scans of open source software.
Intigriti is a rapidly growing cybersecurity company that specializes in crowdsourced security services to help organizations protect themselves from cybercrime. Our industry-leading bug bounty platform connects our customers with 90,000+ ethical hackers worldwide, ensuring proactive cybersecurity protection in a pay-for-impact model, meaning you only pay for valid vulnerability submissions. For more information, follow us on LinkedIn.
Phoenix Security is a contextual Actionable ASPM and UVM that helps Cisco connect with engineers on actionable risk-based targets. We focus on the fix that matters most, connecting risk objectives to engineers' actions.
With Phoenix, engineers can focus on the fix that matters, not just vulnerabilities in the context where those are deployed. The Phoenix Security Actionable Platform offers them a unified, contextualized, and end-to-end ACTIONABLE ASPM that delivers the most important fix to the right team in the right context, reducing burnout and alert fatigue. Phoenix was built for enterprise and covers all modern enterprise customization requirements.
SecPod is a cyber security technology company with a mission to prevent cyberattacks on organizations. Our Continuous Vulnerability and Exposure Management solutions help organizations implement cyber hygiene measures across Enterprise IT infrastructure. SecPod's Saner platform provides continuous visibility to IT infrastructure, identifies vulnerabilities, misconfigurations, and security risk exposures, mitigates vulnerabilities to reduce the attack surface, and helps achieve continuous compliance. Our product philosophy is offering an easy-to-use solution with fast time to value that improves an organization's IT risk posture at a lower total cost of ownership vs. using point solutions. SecPod is one of the first vendors to recognize and implement the SSVC framework in our technology solutions. We look forward to hosting you at VulnCon 2025.
Securin empowers organizations to minimize their business risk with a comprehensive range of offensive cybersecurity solutions. These solutions are carefully crafted to be intuitive, adaptable, and scalable, catering to organizations of all sizes in today's ever-changing digital landscape. Securin's human-augmented intelligence approach to cybersecurity empowers organizations to thrive by proactively addressing emerging threats and uncertainties, ensuring their security.
Seemplicity accelerates vulnerability remediation with its Remediation Operations platform. The platform helps you unify, manage and automate vulnerability remediation workflows across code, cloud and infrastructure. It delivers accelerated risk reduction, enhanced visibility and accountability, and streamlined remediation processes.
Veriti’s exposure assessment and remediation integrates agentlessly with your security stack to proactively monitor, prioritize, and safely remediate exposures, hardening security across your infrastructure without disrupting business operations.
VulnCheck is the vulnerability intelligence company helping enterprises, government organizations, and cybersecurity vendors solve the vulnerability prioritization challenge. Trusted by some of the world's largest organizations responsible for protecting hundreds of millions of systems and people, VulnCheck helps organizations outpace adversaries by providing the most comprehensive, real-time vulnerability intelligence that is autonomously correlated with unique, proprietary exploit and threat intelligence. Follow the company on LinkedIn, Mastodon, or Twitter.
The Zscaler Risk Management portfolio includes Unified Vulnerability Management. Our UVM solution gives large enterprises contextual insights into their top security issues and automated workflows to reduce cyber risk. Built on the patented Data Fabric for Security, UVM curates and correlates data from 100s of sources, in any format and scale, to aggregate risk factors, mitigating controls, and business context. UVM enables full transparency into and customization of risk calculations and remediation ticket handling. Dynamic reports and dashboards help security teams understand and communicate threat exposure with no need for spreadsheets or BI tools.
www.zscaler.com/products-and-solutions/vulnerability-management
At Amazon, security is job zero. The Amazon Security organization is central to maintaining customer trust and delivering delightful customer experiences. Our mission is to maintain a high bar for security across all of Amazon’s products and services. Our teams lead in protecting company and customer data by continuously assessing our systems, identifying and evaluating risks, and driving mitigations.
Red Hat is the world's leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.