Vulnerability Forecasting Technical Colloquium
Cardiff, Wales (UK), September 28th-29th, 2023
The Vulnerability Forecasting Technical Colloquium gathers people to talk about vulnerabilities; published or unpublished. Forecasting and prediction of anything to do with potential exploits, actual exploits, or hypothetical exploits is on topic. We welcome metrics, measurement, and moderation of vulnerabilities, coordinated or unilaterally published.
The overall field of vulnerability management has been scattered for decades. We try to measure: define, identify, count, and catalog vulnerabilities, assess characteristics, detect existence and exploitation, and prioritize responses. In recent years, we’ve worked on prediction of the occurrence of new vulnerabilities (vuln4cast) and the likelihood that they will be exploited
(EPSS). We are also interested in the growth of software, such as measurement of CPE records. Further topics include CVSS, CWE, or SBOMs, or decision support such as SSVC.
This Technical Colloquia gathers interested parties to present, discuss, and improve vulnerability measurement and prediction models, methodologies, and techniques. Submissions are welcome on any of the topics:
- Software vulnerabilities and their measurement or metrics
- Exploits, exploitation
- The cost of exploitation to the attacker or defender
- Bug bounty programs statistics or metrics
- Economics of bug hunting or bug hunters
- The growth of software, its use, or changes in market share
- CVE and CNA statistics or yearly reports
- Vulnerability deduplication and differentiation across different databases
We do not expect speakers to have an academic paper published. We intend to have a discussion and exploratory atmosphere, and invite academics and practitioners alike.
The main point though is that we aim to move from measurement, to prediction or forecasting. We are not in love with the problem, and while zerodays make heroes, we’re more interested in making vulnerability management manageable, and exploitation easy to foresee.
In short form; Less reactionary and more confident. Overachieving and under budget. We foresee the harm and contain it before it is realized. The vulnerabilities of the future are no longer surprises or surprising.
Call for Papers
The call for papers is now closed. Thank you for your submissions this year, we have accepted talks and they will be published on the website as they confirm. The CFP is now closed, but you can always look forward to next year! There is opportunity for informal lightning talk sessions on the second day, so do please bring 10-20 minutes on your favorite workshopping topics.
Program Overview
The first day will be composed of academic style presentations and discussions, and the second day will be focused on hackathons, workshops, and collaborative innovations.
To discuss sponsorship opportunities please contact one of the Program Committee members at vulnforecastingtc@proton.me.
Registration
Registration is $100 US to attend. Funding a Technical Colloquium is the responsibility of the organizers. Your admission fee will help us cover facility and catering costs. Credit card, ACH, wire transfer, and purchase order options available. To register, please use the link below.
Location
The event will be held at Tramshed Tech.
Tramshed Tech
Unit D, Pendyris St
Cardiff CF11 6BH
Wales, UK
phone: +442920103090
website: www.tramshedtech.co.com
Hotel Suggestions
Click on the map to see it enlarged on Google Maps.
