2025-08-05 –, Florentine F
In the cybersecurity world, the Common Vulnerabilities and Exposures (CVE) system serves as a cornerstone for understanding and mitigating security threats. However, the process of contributing to and utilizing CVE data is often hindered by issues related to transparency. This talk explores how the CVE community struggles with openness, examining why participants—such as vulnerability researchers, vendors, and users—may sometimes fall short of full disclosure.
In the cybersecurity world, the Common Vulnerabilities and Exposures (CVE) system serves as a cornerstone for understanding and mitigating security threats. However, the process of contributing to and utilizing CVE data is often hindered by issues related to transparency. This talk explores how the CVE community struggles with openness, examining why participants—such as vulnerability researchers, vendors, and users—may sometimes fall short of full disclosure.
Jerry Gamblin is a Principal Engineer in the Threat Detection & Response business group at Cisco Security, where he leads research and data science initiatives to enhance Cisco Security products. He is actively involved in the CVE community, participating in various working groups and serving as a member of the EPPS SIG. He regularly speaks on vulnerabilities and vulnerability management at international conferences and manages a CVE data collection site at CVE.ICU.