Hi! We have discussed several vulnerability databases here, bad reports and AI slop. I just got a BoF session on FOSDEM granted to continue this discussion. If you are heading to Brussels next week, please mark this session in your calendar:
https://fosdem.org/2026/schedule/event/DAFMJX-vulnerability-today/ Title: Vulnerability today: What's the state of Open Source vulnerability management? Text: The vulnerability management world is in a bit of turmoil. With the DoS-type attack AI slop is putting on Open Source projects at the same time as the funding of core systems is unsure, we need to agree on requirements for the future, ways of working and how we can handle the shift forced by the Cyber Resilience Act. Let's spend an hour talking about this and discuss ways forward. The Global Vulnerability Intelligence Platform is a project that aims at working on a long term solution, a cooperation between OWASP, OpenSSF, Eclipse/ORCWG, OpenForum Europe with support from the Sovereign Tech Resilience project. https://www.gvip-project.org <https://www.gvip-project.org/> It’s part of the BOF/Unconference track. Room K.4.401 Saturday at 15:00 - 15:55 I hope to see many of you there! /Olle
