2025-10-23 –, Vianden & Wiltz
This hands-on workshop introduces the open-source Vulnerability Lookup project and the Global Common Vulnerabilities and Exposures (GCVE) initiative, two complementary efforts designed to modernize and decentralize the way vulnerabilities are published, shared, and consumed.
This hands-on workshop introduces the open-source Vulnerability Lookup project and the Global Common Vulnerabilities and Exposures (GCVE) initiative, two complementary efforts designed to modernize and decentralize the way vulnerabilities are published, shared, and consumed.
Participants will discover how Vulnerability Lookup acts as a collaborative platform for collecting, enriching, and analyzing vulnerability data, supporting every stage of the vulnerability management lifecycle, from discovery and prioritization to tracking remediation and assessing exposure. The session will also introduce GCVE, a next-generation, decentralized framework for vulnerability identification that empowers organizations to act as GCVE Numbering Authorities (GNAs) with greater autonomy and flexibility.
- How to publish and synchronize vulnerabilities using the GCVE and vulnerability-lookup ReST API.
- How decentralized allocation empowers vendors, researchers, and CSIRTs to disclose vulnerabilities more efficiently.
- How to leverage Vulnerability Lookup to support vulnerability triage, enrichment (EPSS, CVSS, Multi KEV), and exposure tracking.
- How Vulnerability Lookup integrates with GCVE to provide real-time insights, cross-references, and analytics.
- Best practices for integrating GCVE and Vulnerability Lookup into your existing vulnerability management workflows.
By the end of the workshop, attendees will understand how these open-source initiatives can strengthen their own vulnerability management processes and contribute to a more resilient, transparent, and collaborative security community.
I do and break stuff.
Cédric Bonhomme is a computer scientist at CIRCL with over 15 years of experience contributing to open-source software. Holding a Licence in Mathematics and a Master’s degree in Computer Science, he combines a strong theoretical foundation with hands-on expertise in cybersecurity and privacy.
From 2010 to 2017, he worked as an R&D Engineer at a research center, specializing in Multi-Agent Systems and cybersecurity. More recently, Cédric has been actively involved in CSIRT operations and the development of innovative tools, most notably as the main developer of Vulnerability-Lookup, a platform dedicated to identifying, correlating, and managing software vulnerabilities. Among his recent work, he has focused on designing specialized AI models to enhance vulnerability classification and analysis.
Beyond his professional work, Cédric is a dedicated pianist, runner, photographer, and philosopher bringing the same precision and curiosity to his hobbies as he does to cybersecurity research. He thrives in dynamic, collaborative environments and has a long-standing passion for connecting with open-source and security communities.