V4C-TC: Vulnerability Forecasting Technical Colloquia
The TramShed Cardiff, UK, September 28-29, 2023
Submission link | https://easychair.org/conferences/?conf=v4ctc |
First round of speakers | August 11, 2023 |
Submission deadline | August 11, 2023 |
Second round of speakers | August 25, 2023 |
The Vulnerability Forecasting Technical Colloquium gathers people to talk about vulnerabilities, published or unpublished. Forecasting and prediction of anything to do with potential exploits, actual exploits, or hypothetical exploits is on topic. We welcome metrics, measurement, and moderation of vulnerabilities, coordinated or unilaterally published.
The overall field of vulnerability management has been scattered for decades. We try to measure: define, identify, count, and catalog vulnerabilities, assess characteristics, detect existence and use, and prioritize responses. In recent years, we’ve worked on prediction of the occurrence (distribution) of new vulnerabilities (cite vuln4cast) and the likelihood that they will be exploited (cite EPSS). We are also interested in the growth of software, such as measurement of CPE, CWE, or SBOMs.
This Technical Colloquium gathers interested parties to present, discuss, and improve vulnerability measurement and prediction models, methodologies, and techniques. Submissions are welcome on any of the following topics:
Software Vulnerabilities (CVE/CWE)
Exploits
Exploitation
The cost of exploitation to the attacker or defender
Bug bounty program statistics or metrics
Economics of bug hunting or bug hunters
The growth of software, its use, or changes in market share
CNA statistics or yearly reports
Vulnerability deduplication and differentiation from different databases
The main point, though, is that we aim to move from measurement to prediction or forecasting. We are not in love with the problem, and while zero-days make heroes, we’re more interested in making vulnerability management manageable and exploitation easy to foresee. Less reactionary and more confident. Overachieving and under budget. We foresee the harm and avoid or contain it.