GCVE: Rebooting Vulnerability Tracking for an Open Security Ecosystem
| Action | Key |
|---|---|
| Play / Pause | K or space |
| Mute / Unmute | M |
| Toggle fullscreen mode | F |
| Select next subtitles | C |
| Select next audio track | A |
| Toggle automatic slides maximization | V |
| Seek 5s backward | left arrow |
| Seek 5s forward | right arrow |
| Seek 10s backward | shift + left arrow or J |
| Seek 10s forward | shift + right arrow or L |
| Seek 60s backward | control + left arrow |
| Seek 60s forward | control + right arrow |
| Seek 1 frame backward | alt + left arrow |
| Seek 1 frame forward | alt + right arrow |
| Decrease volume | shift + down arrow |
| Increase volume | shift + up arrow |
| Decrease playback rate | < |
| Increase playback rate | > |
| Seek to end | end |
| Seek to beginning | beginning |
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
The vulnerability ecosystem has become critical infrastructure for defenders, vendors, researchers, and open source maintainers. Yet the way identifiers and vulnerability data are assigned, published, and distributed still reflects a centralized model that does not always match the speed, diversity, and realities of today’s security landscape. This talk introduces GCVE, a new approach to vulnerability identification and tracking designed to support a more open, decentralized, and resilient ecosystem. GCVE rethinks how vulnerability numbers can be allocated, how trusted actors can publish advisories, and how vulnerability information can be synchronized without creating unnecessary bottlenecks or dependency on a single central authority. Through the lens of open source security, the talk will explain why this matters: maintainers need lightweight processes, defenders need timely and structured data, and the community needs a model that encourages participation rather than gatekeeping. It will also show how GCVE and its associated tooling can help make vulnerability tracking more transparent, interoperable, and adaptable. Rather than presenting only a new identifier format, this session will explore a broader idea: how we can build vulnerability tracking as shared public infrastructure for the security community.
Other media in the channel "2026"
3 views, 3 this year, 3 this monthDesktopRanger Blocks Keystroke Spying: Hardening Windows Desktop IsolationJuly 1st, 2026
Rust, PAM and Typestate: Cooking up spotless authentication with nonstickJuly 2nd, 2026
Fractum: an open-source CLI for Threshold-Based Cold Storage of Critical SecretsJuly 2nd, 2026
3 views, 3 this year, 3 this monthKeibiDrop: Post-Quantum Encrypted Peer-to-Peer File Transfer Without the CloudJuly 2nd, 2026
1 views, 1 this year, 1 this monthOblivious HTTP - when the server does not want to see your IPJuly 2nd, 2026
7 views, 7 this year, 7 this monthYour credentials were leaked, so what?July 2nd, 2026