CVE/FIRST VulnCon 2025 & Annual CNA Summit

The purpose of the conference is to collaborate with various vulnerability management and cybersecurity professionals to develop forward-leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem. A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.

Date & Time: April 7-10, 2025 (In-Person Event)
Location: McKimmon Center, Raleigh, NC

Check out the recorded content from the 2024 conference on YouTube.

Please join us at the 2025 Vulnerability Management Ecosystem Collaboration, Ideation, and Action Conference (aka “VulnCon”) sponsored by FIRST and the CVE Program. The conference will take place April 7 through 10, 2025. The event will again be held at the North Carolina State University McKimmon Center.

VulnCon is co-hosted by FIRST and the CVE Program. This event will be open to both FIRST members and non-members around the world who are part of the vulnerability ecosystem.

Mark your calendars for the return of this exciting conference!

We have an action-packed docket of dynamic speakers and cross-industry topics that we feel will accelerate collaboration within the vulnerability management and standards/frameworks space! This will be a must-see event for anyone involved in researching, reporting, triaging, mitigating, and communicating about security vulnerabilities. Some highlights from the agenda include:

  • 40+ sessions across 4 full days of content and networking/collaboration
  • PSIRTs, Vulnerability SIGs, Working Groups, and other vulnerability ecosystem experts presenting about CVE, CVSS, EPSS, KEV, VEX, CVD, SBOM, Incident Response, and others!
  • Speakers from CISA, MITRE, ENISA, global CERT teams, the OpenSSF, FIRST, and other renowned industry experts
  • Actionable advice on how to engage with CVD across ecosystem stakeholders and how to use and align the assorted vuln metadata tools, frameworks, and standards

Some showcase sessions will include:

  • A “Day of VEX” from practitioners
  • A “Day of Vuln Identifiers” from practitioners
  • Previous talk topics included “Supply Chain Security: The Office of the National Cyber Director Perspective”, “Vulnerability Coordination in the EU”, “What it takes to lead America’s Vulnerability Management Team”, and sessions from global CERT teams
  • Expert panels on Industry CVD, Vulnerability identifiers, VEX, Decentralized Root Cause analysis, the risks of requiring premature vuln disclosure, and more!
  • Detailed sessions updating frameworks like CWE, CVSS, EPSS, and others
