FIRST would like to gratefully acknowledge the following organizations and individuals for their support!
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.
Brinqa centralizes vulnerability and security tool findings, enriching the data with business and threat context to provide a unified view of cyber risk across your entire attack landscape. By correlating vulnerabilities, business context and threat intelligence, Brinqa creates a Cyber Risk Graph, a live model of all assets, vulnerabilities, and their relationships. This enables risk-based vulnerability management across IT, apps and cloud systems, automated remediation, and easier audit and compliance reporting to understand, optimize, and prove your impact on IT and business risk reduction.
Nucleus is a Risk-Based Vulnerability Management (RBVM) solution that automates vulnerability management processes and workflows, enabling organizations to mitigate vulnerabilities 10 times faster, using a fraction of the resources that it takes to perform these tasks today.
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings. The Qualys Cloud Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices.
Opus Security empowers security and engineering teams to orchestrate effective, collaborative, results-driven remediation. Operating as a SaaS remediation platform, Opus enables customers to aggregate, de-duplicate, and prioritize vulnerabilities across application security tools, cloud-native applications, and infrastructure. Opus Security’s cloud-native remediation platform easily integrates with existing toolsets and consolidates security issues across tools and environments, automatically streamlining critical remediation processes. Opus manages the entire remediation process from end-to-end, reducing remediation time from weeks to days.
Avint LLC is a mission-focused cybersecurity company that has developed AREA, a cutting-edge product that uses advanced Machine Learning to contextualize vulnerability and user data using threat intelligence and the MITRE ATT&CK framework for strategic and tactical decision-making. This allows organizations to effectively calibrate and prioritize remediation and decimate actual risk. AREA improves an organization’s cybersecurity risk posture by enabling stakeholders to better respond to vulnerabilities, manage threats, and prioritize resources. AREA also uniquely maps vulnerabilities and misconfigurations to several compliance frameworks.
Backslash's App Graph technology represents a groundbreaking approach to application security by creating a virtual twin of the application through graph modeling. Using its proprietary “Cyberinformatics Compiler,” Backslash ingests application code and transforms it into interconnected data flow and control flow graphs, which are then transformed into an overarching “App Graph.” The App Graph is a comprehensive virtual twin of your application code. The App Graph reveals the application's structure, dependencies, and execution paths, enabling advanced security analysis far beyond traditional static code scanning. By integrating Large Language Model (LLM) technology, Backslash enriches the App Graph with contextual insights, categorizing code by business processes, identifying reachable and triggerable (exploitable) vulnerabilities, and simulating the impact of patches. This innovation empowers security teams to focus on actionable risks, reduce noise, and address vulnerabilities precisely, providing a future-ready solution for modern application security challenges.
The Censys Platform is the leading internet intelligence platform for threat hunting and exposure management. Censys empowers governments, enterprises, and researchers with the most comprehensive, accurate, and up-to-date map of the internet to defend attack surfaces and hunt for threats.
Cybeats is a leading SBOM (Software Bill of Materials) management and cybersecurity platform that empowers organizations to enhance software supply chain security and compliance. By bridging the gap between asset management and SBOMs, Cybeats provides comprehensive visibility into software components, their vulnerabilities, and associated risks across all assets in an organization. The platform operationalizes SBOMs by enabling seamless integration into existing workflows, delivering real-time monitoring, advanced analytics, and automated remediation processes. Cybeats ensures organizations can meet regulatory requirements, mitigate supply chain risks, and accelerate vulnerability management. Trusted by enterprises and institutions globally, Cybeats simplifies the complexity of software security, helping organizations build resilience and trust in their software supply chains.
Finite State is a leader in software supply chain security specializing in embedded devices. Our mission is to help device manufacturers and their product security teams build more reliable, resilient, and secure connected products. We provide comprehensive vulnerability management and visibility into the integrity of device software, enabling organizations to effectively manage security risks and compliance requirements. With our expertise in connected device security, we empower companies to address the unique challenges of complex supply chains, long product lifecycles, and limited vendor transparency—ultimately contributing to building a safer, connected world.
FOSSA is a leading application security and compliance platform that specializes in helping engineering teams deliver trusted software. FOSSA enables companies to prioritize real vulnerabilities in their open source software with comprehensive SCA (software composition analysis) capabilities, while also making it possible for organizations to automate compliance reporting and SBOM (software bill of materials) lifecycle management to meet customer and regulatory requirements. Founded in 2015, FOSSA is trusted by thousands of global organizations, has been downloaded nearly two million times, and has conducted nearly 100 million scans of open source software.
No attack works twice. Our mission is to collect the most diverse primary scanning and exploitation data and transform it into the most actionable intelligence for defenders, so that no attack works twice.
Intigriti is a rapidly growing cybersecurity company that specializes in crowdsourced security services to help organizations protect themselves from cybercrime. Our industry-leading bug bounty platform connects our customers with 125,000+ ethical hackers worldwide, ensuring proactive cybersecurity protection in a pay-for-impact model, meaning you only pay for valid vulnerability submissions. For more information, follow us on LinkedIn.
Kodem means “first” or “early” in Hebrew. A priority. We believe in helping appsec teams make security a priority by spotlighting risks that truly matter. We believe in helping developers improve code quality by shifting left and catching issues early. And we believe in making people a priority: our customers, our team, and our partners.
Kodem Security | Runtime Security Platform
Manifest is a leader in SBOM management, used by product security and PSIRT teams around the world to manage software and open-source dependencies, identify vulnerabilities and risks in code, and facilitate vulnerability response workflows. Delivering automated SBOM generation, solicitation from third parties, aggregation, vulnerability analysis, alerting, and secure sharing, Manifest addresses and automates every step of the SBOM lifecycle. Manifest is also a pioneer in the world of the Artificial Intelligence Software Bill of Materials (AI SBOM), and is a thought leader in the AI supply chain space.
Phoenix Security is a contextual Actionable ASPM and UVM that helps Cisco connect with engineers on actionable risk-based targets. We focus on the fix that matters most, connecting risk objectives to engineers' actions.
With Phoenix, engineers can focus on the fix that matters, seeing vulnerabilities in the context where the affected software is deployed rather than as isolated findings. The Phoenix Security Actionable Platform offers them a unified, contextualized, and end-to-end actionable ASPM that delivers the most important fix to the right team in the right context, reducing burnout and alert fatigue. Phoenix was built for enterprise and covers all modern enterprise customization requirements.
Seal Security is redefining open-source vulnerability remediation by providing security patches that ensure seamless, predictable fixes for vulnerabilities in both application code and Linux operating systems. By backporting security fixes and creating fully compatible versions of open-source packages, Seal allows security teams to apply patches independently from R&D. This approach decouples security fixes from feature upgrades, centralizes the replacement of vulnerable package instances across CI pipelines, and automates the vulnerability remediation process.
SecPod is a cyber security technology company with a mission to prevent cyberattacks on organizations. Our Continuous Vulnerability and Exposure Management solutions help organizations implement cyber hygiene measures across Enterprise IT infrastructure. SecPod's Saner platform provides continuous visibility into IT infrastructure; it identifies vulnerabilities, misconfigurations, and security risk exposures, mitigates vulnerabilities to reduce the attack surface, and helps achieve continuous compliance. Our product philosophy is to offer an easy-to-use solution with fast time to value that improves an organization's IT risk posture at a lower total cost of ownership than using point solutions. SecPod is one of the first vendors to recognize and implement the SSVC (Stakeholder-Specific Vulnerability Categorization) framework in its technology solutions. We look forward to hosting you at VulnCon 2025.
Securin empowers organizations to minimize their business risk with a comprehensive range of offensive cybersecurity solutions. These solutions are carefully crafted to be intuitive, adaptable, and scalable, catering to organizations of all sizes in today's ever-changing digital landscape. Securin's human-augmented intelligence approach to cybersecurity empowers organizations to thrive by proactively addressing emerging threats and uncertainties, ensuring their security.
Seemplicity accelerates vulnerability remediation with its Remediation Operations platform. The platform helps you unify, manage and automate vulnerability remediation workflows across code, cloud and infrastructure. It delivers accelerated risk reduction, enhanced visibility and accountability, and streamlined remediation processes.
Veriti’s exposure assessment and remediation integrates agentlessly with your security stack to proactively monitor, prioritize, and safely remediate exposures, hardening security across your infrastructure without disrupting business operations.
VulnCheck is the vulnerability intelligence company helping enterprises, government organizations, and cybersecurity vendors solve the vulnerability prioritization challenge. Trusted by some of the world's largest organizations responsible for protecting hundreds of millions of systems and people, VulnCheck helps organizations outpace adversaries by providing the most comprehensive, real-time vulnerability intelligence that is autonomously correlated with unique, proprietary exploit and threat intelligence. Follow the company on LinkedIn, Mastodon, or Twitter.
The Zafran Threat Exposure Management Platform enriches vulnerabilities with your context, and agentlessly maps them to your compensating controls, to more accurately assess and prioritize risk across your hybrid environment. With Zafran, you can significantly reduce the number of critical vulns, slash mean time to remediate, and gain much-needed SLA relief. Zafran reveals the vulns most likely to be exploited, weighing factors such as runtime presence, threat intelligence, and internet reachability. Our CTEM continuously analyzes your security controls, pinpointing cracks in your defenses that help you enhance your risk posture. Zafran enables proactive exposure hunting, such as to high-profile vulns and threat actors.
The Zscaler Risk Management portfolio includes Unified Vulnerability Management (UVM). Our UVM solution gives large enterprises contextual insights into their top security issues and automated workflows to reduce cyber risk. Built on the patented Data Fabric for Security, UVM curates and correlates data from hundreds of sources, in any format and at any scale, to aggregate risk factors, mitigating controls, and business context. UVM enables full transparency into and customization of risk calculations and remediation ticket handling. Dynamic reports and dashboards help security teams understand and communicate threat exposure with no need for spreadsheets or BI tools.
www.zscaler.com/products-and-solutions/vulnerability-management
At Amazon, security is job zero. The Amazon Security organization is central to maintaining customer trust and delivering delightful customer experiences. Our mission is to maintain a high bar for security across all of Amazon’s products and services. Our teams lead in protecting company and customer data by continuously assessing our systems, identifying and evaluating risks, and driving mitigations.
The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF seeks to make it easier to sustainably secure the development, maintenance, and consumption of the open source software (OSS) we all depend on. This includes fostering collaboration, establishing best practices, and developing innovative solutions.
F5 (NASDAQ: FFIV) is a multicloud application security and delivery company committed to bringing a better digital world to life. F5 partners with the world’s largest, most advanced organizations to secure every app, whether on premises, in the cloud, or at the edge. F5 enables businesses to continuously stay ahead of threats while delivering exceptional, secure digital experiences for their customers. For more information, go to f5.com. You can also follow @F5 on X or visit us on LinkedIn and Facebook to learn about F5, its partners, and technologies.
Manage vulnerabilities, not spreadsheets. Hackuity automates your Vulnerability Management (VM) to cut through the noise and remediate your critical threats. Empower your Vulnerability Operations Center (VOC) to patch what matters – faster. Available via cloud, hybrid, and on-prem deployment, the Hackuity platform centralizes, normalizes, and deduplicates vulnerabilities from over 100 market-leading scanners and tools, reducing CVSS noise by 99% while prioritizing the top 0.1% of remediation actions using a proprietary risk-based scoring algorithm. It automates 70% of end-to-end VM operations, reduces Mean Time to Remediate (MTTR) for critical patches by 3x, eliminates false negatives, delivers attack surface-specific vulnerability intelligence, and provides a unified view of cyber exposure for both SecOps and the C-suite.
Red Hat is the world's leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.