Call for Speakers is Open! Submission Due by December 22, 2025

Overview

We are seeking dynamic, creative, and practical proposals that highlight and demonstrate your work and ideas on current and pressing issues in vulnerability management. Consider submitting a conference talk, workshop, training session, or tabletop exercise and join the event to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.

VulnCon 2026 Co-Hosted by FIRST and the CVE Program, will take place April 13-16, 2026 at the DoubleTree Resort Paradise Valley in Scottsdale (AZ), USA. A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem, enable and encourage cross-collaboration so that we can better work together and benefit the ecosystem broadly.

Call for Speakers

We are seeking session talks and training/table-top exercises/workshops on the following topics:

  • Consumer Workflows: Real-world program stories, from vulnerability scanning through enrichment, prioritization, and remediation. Explore both success patterns and persistent pain points. Highlight your vulnerability management program!
  • Vulnerability Metadata & Data Quality: Deep-dive into the evolution, integration, and application of metadata standards and scoring systems (CVE, CVSS, CSAF, EPSS, SSVC, VEX, EoX, etc.). Emphasize positive solutions and methods that would improve data trustworthiness.
  • Regulations & Public Policy: Share your insight on how emerging regulations, disclosure laws, and public-private collaboration models are reshaping vulnerability response and risk accountability.
  • PSIRT Services & Operational Excellence: Explore the evolving maturity of PSIRT programs, from structure and staffing to executive reporting and continuous improvement frameworks.
  • Coordinated Vulnerability Disclosure & Researcher Engagement: Share playbooks, failures, and lessons learned around coordinated disclosure, researcher incentives, and the role of CNAs in advancing trust and transparency.
  • Enterprise & Vendor Collaboration: Explore how enterprises can better collaborate with scan and other vulnerability tool vendors. Demonstrate how enterprises and vendors can co-innovate using shared data, AI-driven insights, and risk-based prioritization.
  • Tooling & Automation: Showcase emerging tools and automation techniques, including AI/ML applications, that enhance vulnerability triage, scoring, and coordinated response workflows across the ecosystem.
  • Emerging Horizons: We also welcome creative sessions on frontier topics, AI-assisted exploitation analysis, supply-chain integrity, quantum-era vulnerabilities, or resilience metrics for autonomous systems.

VulnCon 2026 will have nearly 80 open speaking and/or training sessions available, so please consider submitting a session or education training to share with the ecosystem.

CFP Timeline

Please use the following timeline for guidance. Slight variances could be expected.

  • Call for Papers Close: December 22, 2025
  • Notification of Acceptance: Week of February 2, 2026
  • Acceptances Due: February 18, 2026

Speaker Privileges

To help keep registration fees accessible for all participants, accepted speakers and workshop leaders receive a discounted registration rate of $300. Please note that accommodation and travel support are not provided.

Submission Process

All proposals should be submitted via EasyChair using the link below. If you are new to EasyChair, a registration will be required before accessing the submission form. Please give yourself a minimum of 15-20 minutes to complete your submission. You are welcome to submit multiple proposals.

Access the Submission Form Here

Questions?

Please send questions to events@first.org and someone will get back you.