Join VulnCheck at CVE | FIRST Vulnerability Conference 2026 (VulnCon 2026) and Annual CNA Summit, where the global vulnerability management community gathers to collaborate, exchange research, and advance the vulnerability ecosystem. The conference takes place April 13 - 16 in Scottsdale, Arizona, bringing together researchers, vendors, and defenders working to improve how vulnerabilities are discovered, prioritized, and remediated.
VulnCheck is excited to serve as a Platinum Sponsor of VulnCon 2026.
VulnCheck Speaking Sessions: Our researchers and experts will be presenting multiple sessions during VulnCon 2026, sharing insights into vulnerability exploitation, CVE ecosystem dynamics, and vulnerability prioritization.
Identifying Exploited and Likely-to-Be-Exploited Vulnerabilities
Speakers: Patrick Garrity, Wade Sparks
Date | Time: April 14 at 4:35 p.m. MT
This session explores how VulnCheck identifies vulnerabilities that are actively exploited or likely to be exploited even before CVE assignment. The talk will walk through VulnCheck’s research workflow for correlating exploitation evidence from multiple intelligence sources, including exploit code, advisories, detection telemetry, and third-party threat intelligence, to identify gaps and coordinate CVE assignment when necessary. Attendees will learn how collaborative research can improve visibility into emerging threats and strengthen the vulnerability ecosystem.
Women Belong in Cyber: The Women of FIRST SIG
Speaker: Khushali Dalal
Date | Time: April 15 4:30 p.m. MT
Join the Women of FIRST SIG for an informational session focused on building a more inclusive and supportive cybersecurity community. This group of gender-diverse security practitioners is dedicated to advancing the participation of women in cybersecurity through mentorship, knowledge sharing, and networking. Learn how the SIG supports individuals at every stage, from students and early-career professionals to those re-entering the workforce, and how you can get involved in helping close the gender gap in the industry.
The Myth of the Meteoric Rise in Vulnerabilities
Speaker: Scott Moore
Date | Time: April 16 at 10:30 a.m. MT
This session challenges the common narrative that rising vulnerability counts reflect declining software security. While CVE disclosures increased significantly in recent years, the rise is often influenced by reporting incentives, expanded coverage across ecosystems, and academic initiatives, rather than a direct increase in exploitable risk. Scott Moore will examine the structural drivers behind CVE growth and explain how inflated counts can distort risk perception, misdirect remediation efforts, and obscure real progress in secure development.
AI Is Writing Your Bug Reports. Can You Tell?
Speaker: Khushali Dalal
Date | Time: April 16 at 10:30 a.m. MT
In this interactive session, attendees will evaluate real-world–inspired vulnerability reports and determine whether they were written by a human researcher, generated by AI, or created through a hybrid approach. As the session progresses, additional context will be revealed,missing proof-of-concept details, contradictory technical claims, hallucinated CVEs, reused templates, and subtle credibility signals.The audience will vote and debate in real time, followed by guided analysis on how PSIRT teams distinguish signal from noise when AI is involved. Rather than framing AI as purely a problem or solution, this talk focuses on practical detection methods, validation strategies, and process adaptations security teams can implement today. It also highlights real decision-making challenges and lessons learned from live vulnerability response programs.
Panel: Supply Chains and Malware Campaigns: Is CVE the Right Way to Name the Game?
Panelist: Caitlin Condon
Date | Time: April 16 at 1:15 p.m. MT
This panel examines the role of CVE identifiers in tracking vulnerabilities tied to supply-chain compromises and malware campaigns. The discussion will bring together multiple perspectives from across the vulnerability ecosystem to explore the future of vulnerability identification and coordination.
Beyond attending our speaking sessions, be sure to visit our exhibit table on April 14 and 15 to meet the team, explore the latest research on vulnerability exploitation, and discover how our exploit intelligence can help organizations focus on the vulnerabilities that truly matter.
Don’t miss this chance to connect with our experts and see firsthand how we are helping organizations stay ahead of evolving cyber threats.