Vulnerability Forecasting Technical Colloquium

  • Vulnerability Forecasting Technical Colloquium

Vulnerability Forecasting Technical Colloquium

Utrecht, Netherlands (NL), October 3-4, 2024

The Vulnerability Forecasting Technical Colloquium gathers people to talk about vulnerabilities; published or unpublished. Forecasting and prediction of anything to do with potential exploits, actual exploits, or hypothetical exploits is on topic. We welcome metrics, measurement, and moderation of vulnerabilities, coordinated or unilaterally published.

The overall field of vulnerability management has been scattered for decades. We try to measure: define, identify, count, and catalog vulnerabilities, assess characteristics, detect existence and exploitation, and prioritize responses. In recent years, we’ve worked on prediction of the occurrence of new vulnerabilities (vuln4cast) and the likelihood that they will be exploited (EPSS). We are also interested in the growth of software, such as measurement of CPE records. Further topics include CVSS, CWE, or SBOMs, or decision support such as SSVC.

This Technical Colloquia gathers interested parties to present, discuss, and improve vulnerability measurement and prediction models, methodologies, and techniques. Submissions are welcome on any of the topics:

We do not expect speakers to have an academic paper published. We intend to have a discussion and exploratory atmosphere, and invite academics and practitioners alike.

The main point though is that we aim to move from measurement, to prediction or forecasting. We are not in love with the problem, and while zerodays make heroes, we’re more interested in making vulnerability management manageable, and exploitation easy to foresee.

In short form; Less reactionary and more confident. Overachieving and under budget. We foresee the harm and contain it before it is realized. The vulnerabilities of the future are no longer surprises or surprising.

Program Overview

The first day will be composed of academic style presentations and discussions, and the second day will be focused on hackathons, workshops, and collaborative innovations.

Sponsorships Available

To discuss sponsorship opportunities please contact one of the Program Committee members at events@first.org.

Sponsorship Prospectus

Registration

Registration is €100 to attend. Funding a Technical Colloquium is the responsibility of the organizers. Your admission fee will help us cover facility and catering costs. Credit card, ACH, wire transfer, and purchase order options available. To register, please use the link below.

Register Now!

Location

The event will be held at Kargadoor - Cultureel en Maatschappelijk Podium.

Oudegracht 36
3511 AP
Utrecht, NL
website: https://www.kargadoor.nl/

 Vulnerability Forecasting Technical Colloquium

Click on the map to see it enlarged on Google Maps.