vmconf.pw
195.161.41.57  Public Scan

Submitted URL: http://vmconf.pw/
Effective URL: https://vmconf.pw/
Submission Tags: falconsandbox
Submission: On December 09 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

WELCOME TO VMCONF!

An international ongoing event dedicated to Vulnerability Management. The
initial plan to host the one-day online event has been revised. Read the details
here.

 * From the community (in a very broad sense) and for the community
 * For interesting content and building horizontal connections between people,
   not for marketing of the vendors



--------------------------------------------------------------------------------

1. Blindspots in the Knowledge Bases of Vulnerability Scanners
by Alexander Leonov



Potential customers rarely worry about the completeness of the Knowledge Base
when choosing a Vulnerability Scanner. They usually trust the VM vendors' claims
of the "largest vulnerability base" and the total number of detection plugins.
But in fact the completeness is very important. All high-level vulnerability
prioritization features are meaningless unless the vulnerability has been
reliably detected. In this presentation, I will show examples of blindspots
in the knowledge bases of vulnerability management products, and try to describe
the causes and what we (as customers and the community) can do about them.

Full report

Vulnerability Knowledge Bases Vulnerability Detection

2. Malicious Open Source: the cost of using someone else’s code
by Alexander Leonov



We must start with the fact that this year is fundamentally different. We now
live in The New Reality of Information Security (TNRoIS). It has become quite
clear that Open Source tools and code can harm your organization, because
project maintainers can easily inject malicious features into their projects.
Now they are actually doing it! Hypothetical threats have become quite real! One
of the most interesting examples of this year is the malicious functionality in
the popular nodejs module node-ipc. On March 7, 2022, node-ipc maintainer Brandon
Nozaki Miller (RIAEvangelist) embedded a package with malicious code into
node-ipc. The malicious code has a 25% chance of replacing the contents of all files
on systems (with write permissions) with the symbol “❤️”. It worked only on
hosts with Russian and Belarusian IP addresses.

Full report

Malware Detection Software Asset Management Vendor Reputation Management

3. Scanvus - my open source Vulnerability Scanner for Linux hosts and Docker
images
by Alexander Leonov



Scanvus (Simple Credentialed Authenticated Network VUlnerability Scanner) is a
vulnerability scanner for Linux. Currently for Ubuntu, Debian, CentOS, RedHat,
Oracle Linux and Alpine distributions. But in general for any Linux distribution
supported by the Vulners Linux API. The purpose of this utility is to get a list
of packages and Linux distribution version from some source, make a request to
an external vulnerability detection API (only Vulners Linux API is currently
supported), and show the vulnerability report.

Full report

Vulnerability Detection


DATES

 * Event/CFP Start: 12.01.2022
 * Event/CFP End: 12.12.2022


CONTACTS

 * CFP: cfp@vmconf.pw
 * Partnerships: inbox@vmconf.pw


MAIN CONCEPT

 * An “ongoing event” that will last until the end of 2022
 * Not limited by region
 * English is a working language


CALL FOR PAPERS/VIDEOS

CFP will be active from 12.01.2022 to 12.12.2022. Submit a YouTube video of your
VM-related talk to cfp@vmconf.pw. It will be added to the VMconf site and other
resources. CFP Submissions deemed to be a sales pitch of products/services, or
marketing campaigns, will not be accepted. The talks and slides should be in
English.


TOPICS OF INTEREST

 * Vulnerability Knowledge Bases
 * Vulnerability Detection
 * Vulnerability Prioritization
 * Vulnerability Remediation and Patching
 * Vulnerability Management Integrations
 * Vulnerability Management Dashboards for remediation tracking
 * Vulnerability Management Process Standards and Best Practices
 * Vulnerability Management for unusual IT environments
 * Security Hardening and Compliance Management
 * Malware Detection
 * Software Inventory
 * Software Composition Analysis
 * Software Asset Management
 * Vendor Reputation Management

VMconf Committee, 2022