About RogoLabs

Where vulnerability chaos meets clarity through open-source intelligence

My Mission: Making Security Practical

I transform overwhelming vulnerability data into clear, actionable intelligence that security teams can actually use. I believe the best security happens when practical tools are shared freely with the community—no vendor lock-in, no hidden costs, just effective solutions.

The Story Behind RogoLabs

I created RogoLabs to solve a fundamental problem: "How do we fix what matters?" The name is from the Latin verb "rogo" ("I ask"), the root of the word "interrogate." My mission is to relentlessly question vulnerability data to reveal what truly requires action.

While others get lost in endless CVE feeds and alert fatigue, I build practical, open-source tools that cut through the noise. Every project I create is designed to question complex vulnerability data to bring clarity to the chaos, helping you prioritize what's important and protect what counts.

My open-source approach is core to this mission. I believe that by asking the community to challenge and contribute to my work, I build stronger, more resilient tools for everyone, creating a virtuous cycle of improvement and innovation.

— Jerry Gamblin

Open-Source Security Tools

Battle-tested solutions addressing your biggest vulnerability management challenges

CVE.ICU

Tired of drowning in CVE data? Transform vulnerability chaos into visual intelligence with interactive charts that reveal the patterns that matter. Our real-time dashboard, updated every 4 hours from the NVD, cuts through the noise to show you what's actually happening in the threat landscape.

✓ Spot emerging trends instantly
✓ Filter out the noise
✓ Make data-driven decisions
See CVE Patterns Now View Source Code

PatchThis.app

Stop playing patch roulette. Automatically prioritize critical patches based on actual risk to your systems, not just CVSS scores. Our proven approach dramatically reduces patch workload while maintaining complete security coverage.

✓ Risk-based prioritization
✓ Reduced patching overhead
✓ Focus on real threats
End Patch Chaos Now View Source Code

CVEforecast

See tomorrow's vulnerabilities today. Advanced predictive analytics that forecast vulnerability trends and emerging threat patterns. Stay ahead of the curve with machine learning-powered insights that help you prepare for what's coming next in the threat landscape.

✓ Predictive threat intelligence
✓ Early warning system
✓ Strategic security planning
Forecast Future Threats View Source Code

CNA Scorecard

Not all CVE sources are created equal. Get data-driven quality ratings for every CVE Numbering Authority so you can focus on reliable vulnerability intelligence and stop wasting time on inconsistent, low-quality reports.

✓ Trust verified sources
✓ Avoid poor-quality data
✓ Streamline intelligence workflows
Check CNA Quality Now View Source Code

Proven Expertise & Thought Leadership

Real-world vulnerability intelligence insights from the front lines of security

CVE Crisis: State of the Vulnerability Disclosure Landscape

August 7-10, 2025 AppSec Village at DEF CON 33, Las Vegas

Our vulnerability disclosure ecosystem is strained. NVD backlogs persist, while the CVE program, after a near-critical funding crisis impacting its stability, struggles with vulnerability volume and assignment consistency under ongoing resource pressure. CISA's role also evolves amidst these challenges. This talk dissects these US program issues and their impact on AppSec professionals, then examines rising global players like ENISA and other vulnerability databases, assessing their pros, cons, and impact on vulnerability management.

The Art of Concealment: CVE's Challenge with Transparency

August 5, 2025 14:30 BSidesLV, Las Vegas

In the cybersecurity world, the Common Vulnerabilities and Exposures (CVE) system serves as a cornerstone for understanding and mitigating security threats. However, the process of contributing to and utilizing CVE data is often hindered by issues related to transparency. This talk explores how the CVE community struggles with openness, examining why participants—such as vulnerability researchers, vendors, and users—may sometimes fall short of full disclosure.

The Quality Imperative for CVEs

Enhancing Vulnerability Reporting Standards

March 2025 VulnCon Virtual (FIRST.org)

Keynote presentation showcasing real-world data on CNA performance gaps and actionable solutions to improve vulnerability reporting quality. Learn how poor-quality CVE data costs security teams time and how we can fix it.

Using EPSS for Better Vulnerability Management

August 2024 AppSec Village at DEFCON 32, Las Vegas

Real-world case studies showing how the Exploit Prediction Scoring System (EPSS) can deliver a 70% reduction in patch workload while maintaining security coverage. Practical implementation strategies that work.

Speaking Engagements

Happy to share what I've learned about vulnerability intelligence

Available for Events & Conferences

Looking for practical vulnerability intelligence insights that your audience can actually implement? I deliver data-driven presentations that cut through the hype and provide actionable strategies your security teams can use immediately.

Data-Driven Insights

Real-world research and proven methodologies

Practical Solutions

Actionable strategies your teams can implement

Engaging Delivery

Interactive presentations that resonate with security professionals

Book Jerry as Speaker

Let's Talk Vulnerability Intelligence

Ready to transform your vulnerability management approach?
Let's connect.

Whether you're interested in collaborating on open-source projects, booking speaking engagements, or discussing how our tools can help your team cut through vulnerability chaos, I'd love to hear from you.

Start the Conversation