A new generation of tools for open source vulnerability management
I've been a part of a PSIRT for over 20 years, first as the leader of Mandriva's PSIRT (although we didn't call it that then) and currently for Red Hat. While it's changing somewhat today, there were never that many tools for a PSIRT to use, compared to the plethora of tools available to CSIRTs. Sure, we have software composition analysis (SCA), static application security testing (SAST), and dynamic application security testing (DAST) tools to identify known and unknown vulnerabilities in our products. But there was never a great way to manage the data around those vulnerabilities, so most PSIRTs rely on homegrown tooling or piggyback the work onto existing tools that weren't meant for that use.