Jerry Gamblin
67.6K posts

@JGamblin
Bringing clarity to vulnerability intelligence through open-source tools. Founder of RogoLabs | Creator of https://t.co/iB9Yg4rLvx & https://t.co/nhMoJVNOZc.
Cedere Nescio
Joined February 2008
844 Following, 14K Followers

Version 2 of my CVE Intelligence TA for @Splunk is live on Splunkbase.
I’ve added EPSS probability, CISA KEV status, and SSVC data to the baseline for 327k+ vulnerabilities.
No API keys, zero-config, and pre-joined lookups for faster triage.
Full details and download: jerrygamblin.com/2026/04/18/pri…

When the NVD and GitHub disagree on a CVSS score, who do you trust?
I’m at #VulnCon and built Vuln Anarchy to visualize the scoring gap. This chart shows nearly 1,500 instances where the math doesn't align.
Live Data: rogolabs.github.io/vuln-anarchy/
Repo: github.com/RogoLabs/vuln-…
#VulnerabilityManagement #AppSec #CVE #NVD #VulnCon2026 #RogoLabs


NIST just dropped a major update on NVD operations. They’re moving to a risk-based model, prioritizing CISA KEV and federal software while labeling most other CVEs as "Not Scheduled" for enrichment.
nist.gov/news-events/ne…

Paid $25 on eBay for a 1943 cryptography book. It arrived signed by LTC George R. Eckman, the Executive Officer of the Alsos Mission, the WWII task force that hunted Nazi nuclear scientists across Europe.
It's going to the U.S. Army Intelligence Hall of Fame. Some books belong in archives. 🔐


I heard you like CVEs, so I reported CVEs in your CVE filing software.
Just reported and fixed CVE-2026-35466 & CVE-2026-35467 in CVEClient.
Massive thanks to @CERTCC for the world-class coordination. This is how CVD is done. 🛡️
github.com/CERTCC/cveClie…

Finally glad to see NASA going to the Moon. The graphics on this reboot look way better than the 1969 soundstage! #Artemis #MoonLanding

March 2026 was a brutal month for vulnerabilities. 🛡️
Here is the damage:
• 6,246 new CVEs (+55.7% Over Last March)
• 169 new vulns per day 🤯
• 7.1 median CVSS severity (High)
The Top 3 Culprits:
🥇 XSS (730)
🥈 SQLi (325)
🥉 Missing Auth (292)
2026 is already up 27% YoY. Patch management has never been more critical.


If you told 2010-me that in 2026 I’d be spending more time in a terminal than I did as a full-time Linux admin, I would’ve laughed you out of the server room. 🐧
Between Copilot CLI, Claude, and specialized agents, my shell is basically my OS now. The command line is officially the "new" UI. ⌨️🚀

The "Zero Day Clock" at #RSAC is a masterclass in bad data science. 📉
By ignoring right-censoring and selection bias, it forces a "collapse" that doesn't exist. It mistakes NVD backlog for attacker velocity.
Data audit & technical receipts here: gist.github.com/jgamblin/91f78…
#RSAC2026 #Infosec #CyberSecurity





