13 
Location:DoubleTree Resort by Hilton Hotel Paradise Valley – Scottsdale, Arizona, USA
Start date:13/04/2026
End date:16/04/2026
Event Organiser:CVE and FIRST (Forum of Incident Response and Security Teams, Inc)
More information
VulnCon 2026 will have nearly 80 open speaking and/or training sessions available, topics including:
- Consumer Workflows: Real-world stories, from vulnerability scanning through enrichment, prioritization, and remediation. Explore success patterns and persistent pain points.
- Vulnerability Metadata & Data Quality: Deep dive into the evolution, integration, and application of metadata standards and scoring systems (CVE, CVSS, CSAF, EPSS, SSVC, VEX, EoX, etc.).
- Regulations & Public Policy: how emerging regulations, disclosure laws, and public-private collaboration models are reshaping vulnerability response and risk accountability.
- PSIRT Services & Operational Excellence: the evolving maturity of PSIRT programs, from structure and staffing to executive reporting and continuous improvement frameworks.
- Coordinated Vulnerability Disclosure & Researcher Engagement: playbooks, failures, and lessons learned around coordinated disclosure, researcher incentives, and the role of CNAs in advancing trust and transparency.
- Tooling & Automation: emerging tools and automation techniques, including AI/ML applications, that enhance vulnerability triage, scoring, and coordinated response workflows across the ecosystem.
- Emerging Horizons: frontier topics, AI-assisted exploitation analysis, supply-chain integrity, quantum-era vulnerabilities, or resilience metrics for autonomous systems.
Enterprise and Vendor Collaboration: how enterprises can better collaborate with scan and other vulnerability tool vendors. Demonstrate how enterprises and vendors can co-innovate using shared data, AI-driven insights, and risk-based prioritization.
