Hello everyone! This episode will be about the VMconf 22 Vulnerability Management conference. CFP started on November 1, which will last a month and a half. So please submit your talk or share this video with someone who might be interested.

Let’s talk about the conference itself. All started with a post in my Telegram channel. I have looked at the listings of cybersecurity conferences and have not seen a global event dedicated entirely to Vulnerability Management.

Specialized conferences are mainly about SOC, DLP, AntiFraud, cryptography. Conferences with broad topics are aimed mainly at C-level executives or hardcore offensive specialists. Conferences are usually very regional. Of course, there are events organized by VM vendors, but their marketing goals are clear and there are usually no CFPs (Calls For Papers) at these events. In our COVID times, it has become much more difficult to attend offline events due to various restrictions.

So, it would be great to have our own independent international online Vulnerability Management event. From the community (in a very broad, global sense) and for the community. For interesting content and development of horizontal connections between people, not for marketing. And we will do it.

Main concepts

• Completely online event
• Not limited by region; formal location is Koror City, Palau
• English is a working language
• All papers go through CFP and Program Committee
• We directly invite best VM practitioners, researchers, developers of open source utilities and content

So, what are the Topics of interest for VMconf?

I wanted to focus this event on the core functionality of Vulnerability Management products, like MP8/Nessus/Qualys/Nexpose. Otherwise, it will become yet another general hacker conference and the concept will collapse. After discussing, we produced this list:

• Vulnerability Knowledge Bases
• Vulnerability Detection
• Vulnerability Prioritization
• Vulnerability Remediation and Patching
• Vulnerability Management Integrations
• Vulnerability Management Dashboards for remediation tracking
• Vulnerability Management Process Standards and Best Practices
• Vulnerability Management for unusual IT environments
• Security Hardening and Compliance Management
• Asset/Target Management
• Software Inventory
• Software Composition Analysis

What about money?

It seems to me that such a completely online event could be held without a budget at all. And without partnership with VM vendors, that can affect the program. We can stream the event to YouTube or Twitch and add people to the stream via Zoom or Skype. If there will be a relatively small number of participants, we can do it entirely in Zoom, which is even easier. For those who will not be able to connect because of technical reasons (and this is inevitable), it will be possible to add their performances in the form of video recordings, and discuss it in comments section on YouTube.

We will talk about the technical part after the end of the CFP in mid-December. If you would like to share your ideas, welcome to VMconfChat in Telegram.

And again Call For Paper was launched. The standard duration of the talk is 25 minute presentation + 5 minute Q&A. So if you want to be a speaker, complete the form at VMconf.pw. Or recommend a speaker to us. It would be very helpful.