A Vulnerability Database Should Not Be About Vulnerabilities

Explore a thought-provoking conference talk that challenges conventional thinking about vulnerability databases. Delve into the current state of these databases and uncover the "Telephone Game Problem" affecting data integrity. Examine the importance of trust and the concept of putting packages first. Investigate why focusing on vulnerable code is crucial and learn about tools and data sources for effective vulnerability management. Discover techniques for aggregating, correlating, and refining data across multiple levels. Address challenges such as growth packages, missing packages, and duplicated data. Gain insights into future plans for improving vulnerability databases and enhancing overall cybersecurity practices.

Introduction
Agenda
State of Vulnerability Databases
Telephone Game Problem
Trust
Package First
Why vulnerable code
Tools
Data Source
Aggregate Correlate
Multilevel Refinement
Growth Packages
Missing Packages
Duplicated Data
Other Issues
Future Plans
Outro