From e9bcf0b9fb650b74d907495127ede3f938d6e2ca Mon Sep 17 00:00:00 2001 From: bpmcdevitt Date: Wed, 17 Aug 2022 22:15:53 -0500 Subject: [PATCH] added conclusion --- notes/notes_from_blackhat_2022.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/notes/notes_from_blackhat_2022.md b/notes/notes_from_blackhat_2022.md index 0f5143a..70af0be 100644 --- a/notes/notes_from_blackhat_2022.md +++ b/notes/notes_from_blackhat_2022.md @@ -55,3 +55,14 @@ the same or slight variation) because they figured out the patch is a dud pretty easily by reversing the code and seeing basically no differences. [link_to_slides](https://www.blackhat.com/us-22/briefings/schedule/index.html#calculating-risk-in-the-era-of-obscurity-reading-between-the-lines-of-security-advisories-26874) I am for sure going to rewatch both talks when blackhat posts them online. + +### Conclusion +I think growing the osv.dev database is an important step. I am going to +continue to try to learn more about VEX and try to see if I can potentially +develop some tooling around it and/or write conversion programs that convert +security advisories to osv-dev schema. CPEs are great for things like microsoft +products and I am interested to see if they adopt it. I will try to look +further into seeing what microsoft is doing about SBOMS because I am curious. +Overall it was a good trip and I am glad that I went. I dont really like Las +Vegas (at least the strip), and having to dodge drunk people sucked but it is what it is. +Next time I go I will rent a car or motorbike and try to get out of the city maybe on one of the early days or in between talks to change it up a bit
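Review bot: In the added Conclusion paragraph, the sentence "CPEs are great for things like microsoft products and I am interested to see if they adopt it" leaves "it" without a clear antecedent (CPE, VEX, or the OSV schema are all in play in this paragraph); name the format you mean so the follow-up item is actionable. The same paragraph refers to the project as both "osv.dev" and "osv-dev schema"; pick one spelling. Smaller style points in the same hunk: "dont" should be "don't", "SBOMS" should be "SBOMs", "microsoft" should be capitalized, the last two added lines run well past the wrap width used by the lines above them, and the final sentence has no closing period.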