
It’s that time of year again! The first week of August means my annual trip to the desert for “Security Summer Camp”—the whirlwind of BSides Las Vegas, Black Hat, and DEF CON. It’s always an exhausting but amazing week, and I can’t wait to dive in, catch up with everyone, and talk about what I’ve been working on.
This year, I’m excited to be giving two talks that dig into the weeds of the CVE ecosystem.
My Talks in Vegas
I’ll be on stage at both BSidesLV and the AppSec Village at DEF CON.
| Event | Talk Title | The Gist | When & Where |
| --- | --- | --- | --- |
| BSides Las Vegas | “The Art of Concealment: CVE’s Challenge with Transparency” | A 20-minute dive into the “broken promise” of the CVE system. I’ll break down the four pillars of an actionable CVE (Weakness, Product, Severity, Fix) and show how incomplete data is breaking our automated tools. I’ll also introduce CNAScoreCard.org, a new RogoLabs project to bring transparency and accountability to the ecosystem by measuring data quality. | Tues, Aug 5 @ 2:30 PM at the Tuscany Suites & Casino |
| AppSec Village at DEF CON 33 | “CVE Crisis: Navigating the Post-NVD Monolith Era” | A look at the bigger picture of our strained disclosure ecosystem now that the NVD is no longer the single source of truth. With the institutional power shifting to CISA, I’ll cover how to navigate this new fragmented landscape by integrating multiple intelligence sources (CISA KEV, open-source, commercial feeds) and moving to a true risk-based vulnerability management model. | Friday Afternoon, Aug 8 at the AppSec Village |
Let’s Connect
The best part of this week is always the people. I’m genuinely looking forward to connecting, hearing what you’re working on, and trading stories from the trenches.
My passion project, RogoLabs, is all about bringing clarity to vulnerability intelligence through open-source tools like CVE.ICU. To celebrate that, I’ll have some of the very first-run RogoLabs stickers with me.
If you see me, please say hello! I’d love to chat about CVEs, vulnerability management, or anything else. Find me after one of my talks or just flag me down in the hallway.
You can find me on bsky, Twitter, or Mastodon (infosec.exchange) as @jgamblin or learn more about my work at RogoLabs.net.
See you in Vegas!