added conclusion

Brendan McDevitt 2022-08-17 22:15:53 -05:00
parent 2a01cfc859
commit e9bcf0b9fb


@ -55,3 +55,14 @@ the same or slight variation) because they figured out the patch is a dud
pretty easily by reversing the code and seeing basically no differences. [link_to_slides](https://www.blackhat.com/us-22/briefings/schedule/index.html#calculating-risk-in-the-era-of-obscurity-reading-between-the-lines-of-security-advisories-26874)
I am for sure going to rewatch both talks when blackhat posts them online.
### Conclusion
I think growing the osv.dev database is an important step. I am going to
continue to try to learn more about VEX and try to see if I can potentially
develop some tooling around it and/or write conversion programs that convert
security advisories to osv-dev schema. CPEs are great for things like microsoft
products and I am interested to see if they adopt it. I will try to look
further into seeing what microsoft is doing about SBOMS because I am curious.
Overall it was a good trip and I am glad that I went. I dont really like Las
Vegas (at least the strip), and having to dodge drunk people sucked but it is what it is.
Next time I go I will rent a car or motorbike and try to get out of the city maybe on one of the early days or in between talks to change it up a bit
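
Review bot: In the added sentence "CPEs are great for things like microsoft products and I am interested to see if they adopt it", the pronoun "it" has no clear antecedent: the sentence before it mentions both VEX and the osv-dev schema, so name which one Microsoft would be adopting. The schema is also written "osv-dev" here while the first line of the new section writes "osv.dev"; use one spelling throughout. Smaller points in the same section: "dont", "microsoft" and "SBOMS" should read "don't", "Microsoft" and "SBOMs", and the final added line is not wrapped like the lines above it and ends without a period.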