Tag Archives: VMconf22

Malicious Open Source: the cost of using someone else’s code

Malicious Open Source: the cost of using someone else’s code. Hello everyone! This video was recorded for the VMconf 22 Vulnerability Management conference, vmconf.pw. I will be talking about malicious open source and the cost of using someone else’s code.

Alternative video link (for Russia): https://vk.com/video-149273431_456239086
Video in Russian from CISO Forum 2022: https://youtu.be/LPXg-MEamVA

To be honest, at the beginning of the year I did not plan to talk about these things. But life changes rapidly and unpredictably, so it becomes impossible not to talk about this.

Continue reading

VMconf 22: Blindspots in the Knowledge Bases of Vulnerability Scanners

VMconf 22: Blindspots in the Knowledge Bases of Vulnerability Scanners. Hello everyone! This video was recorded for the VMconf22 Vulnerability Management conference. I want to talk about the blind spots in the knowledge bases of Vulnerability Scanners and Vulnerability Management products.

This report was presented in Russian at Tenable Security Day 2022. The video is here.

Potential customers rarely worry about the completeness of the Knowledge Base when choosing a Vulnerability Scanner. They usually trust the VM vendors’ claims of the “largest vulnerability base” and the total number of detection plugins. But in fact the completeness is very important. All high-level vulnerability prioritization features are meaningless unless the vulnerability has been reliably detected. In this presentation, I will show the examples of blindspots in the knowledge bases of vulnerability management products, try to describe the causes and what we (as customers and the community) can do about it.

Continue reading

VMconf 22: Why Didn’t It Work As Planned and What’s Next?

VMconf 22: Why Didn’t It Work As Planned and What’s Next? Hello everyone! In this episode, I want to talk about VMconf 22. It was an experiment from the beginning. Is it possible to host a Vulnerability Management event with little effort and budget? Looks like no. So I would like to talk about why the original idea failed and the future of VMconf.

The initial idea was to create a website, announce the launch of the CFP in social networks and everything else will happen automatically. People will apply and all that remains is to choose the best talks and manage the stream of the event. Well, no, not really.

Continue reading

VMconf 22 Vulnerability Management conference: Call For Papers started

VMconf 22 Vulnerability Management conference: Call For Papers started. Hello everyone! This episode will be about the VMconf 22 Vulnerability Management conference. CFP started on November 1, which will last a month and a half. So please submit your talk or share this video with someone who might be interested.

Let’s talk about the conference itself. All started with a post in my Telegram channel. I have looked at the listings of cybersecurity conferences and have not seen a global event dedicated entirely to Vulnerability Management.

Specialized conferences are mainly about SOC, DLP, AntiFraud, cryptography. Conferences with broad topics are aimed mainly at C-level executives or hardcore offensive specialists. Conferences are usually very regional. Of course, there are events organized by VM vendors, but their marketing goals are clear and there are usually no CFPs (Calls For Papers) at these events. In our COVID times, it has become much more difficult to attend offline events due to various restrictions.

So, it would be great to have our own independent international online Vulnerability Management event. From the community (in a very broad, global sense) and for the community. For interesting content and development of horizontal connections between people, not for marketing. And we will do it.

Continue reading