The Vulnerability Forecasting Technical Colloquium gathers people to talk about vulnerabilities; published or unpublished. Forecasting and prediction of anything to do with potential exploits, actual exploits, or hypothetical exploits is on topic. We welcome metrics, measurement, and moderation of vulnerabilities, coordinated or unilaterally published.
The overall field of vulnerability management has been scattered for decades. We try to measure: define, identify, count, and catalog vulnerabilities, assess characteristics, detect existence and exploitation, and prioritize responses. In recent years, we’ve worked on prediction of the occurrence of new vulnerabilities (vuln4cast) and the likelihood that they will be exploited (EPSS). We are also interested in the growth of software, such as measurement of CPE records. Further topics include CVSS, CWE, or SBOMs, or decision support such as SSVC.
This Technical Colloquia gathers interested parties to present, discuss, and improve vulnerability measurement and prediction models, methodologies, and techniques. Submissions are welcome on any of the topics:
We do not expect speakers to have an academic paper published. We intend to have a discussion and exploratory atmosphere, and invite academics and practitioners alike.
The main point though is that we aim to move from measurement, to prediction or forecasting. We are not in love with the problem, and while zerodays make heroes, we’re more interested in making vulnerability management manageable, and exploitation easy to foresee.
In short form; Less reactionary and more confident. Overachieving and under budget. We foresee the harm and contain it before it is realized. The vulnerabilities of the future are no longer surprises or surprising.
The call for papers is now closed. Thank you for your submissions this year, we have accepted talks and they will be published on the website as they confirm. The CFP is now closed, but you can always look forward to next year! There is opportunity for informal lightning talk sessions on the second day, so do please bring 10-20 minutes on your favorite workshopping topics.
The first day will be composed of academic style presentations and discussions, and the second day will be focused on hackathons, workshops, and collaborative innovations.
To discuss sponsorship opportunities please contact one of the Program Committee members at firstname.lastname@example.org.
Registration is $100 US to attend. Funding a Technical Colloquium is the responsibility of the organizers. Your admission fee will help us cover facility and catering costs. Credit card, ACH, wire transfer, and purchase order options available. To register, please use the link below.
The event will be held at Tramshed Tech.
Unit D, Pendyris St
Cardiff CF11 6BH