VulnCon is quite a unique conference focused on vulnerability management for software (and not only software). It takes place at the beginning of April, and I will be speaking twice:
- First, on building a public, open specification for how to manage vulnerabilities - something that works for open source projects and doesn’t have a paywall in front.
- Second, on the very real, very messy process of tagging vulnerabilities when your software pulls from multiple sources.