oss-sec mailing list archives

Vulnerability management and Open Source: FOSDEM BoF


From: "Olle E. Johansson" <oej () edvina net>
Date: Fri, 23 Jan 2026 11:17:34 +0100

Hi!

We have discussed several vulnerability databases here, bad reports and AI slop. I just got a BoF session on FOSDEM 
granted to continue this discussion. If you are heading to Brussels next week, please mark this session in your 
calendar:

https://fosdem.org/2026/schedule/event/DAFMJX-vulnerability-today/


Title: Vulnerability today: What's the state of Open Source vulnerability management?

Text: The vulnerability management world is in a bit of turmoil. With the DoS-type attack AI slop is putting on Open 
Source projects at the same time as the funding of core systems is unsure, we need to agree on requirements for the 
future, ways of working and how we can handle the shift forced by the Cyber Resilience Act. Let's spend an hour talking 
about this and discuss ways forward.
The Global Vulnerability Intelligence Platform is a project that aims at working on a long-term solution, a cooperation
between OWASP, OpenSSF, Eclipse/ORCWG, OpenForum Europe with support from the Sovereign Tech Resilience project.
https://www.gvip-project.org

It’s part of the BOF/Unconference track. Room K.4.401 Saturday at 15:00 - 15:55


I hope to see many of you there!

/Olle

