Vulnerabilities as Data Streams

How the world of vulnerabilities works from a data perspective. I'll talk about NVD, FSTEC, GitHub Advisory, OSV, bulletins, how it all lives in a single (not always) life cycle.

We'll talk about why you can't just magically create one tool for all systems and languages, why different tools sometimes produce different results, what PURL and CPE have to do with it.