In this session, Tod Beardsley (runZero) sits down with Rishi Sharma (ProjectDiscovery) to discuss the origins and impact of Nuclei, an open-source framework that has revolutionized how security teams validate vulnerabilities. Rishi explains that Nuclei was born out of the need to cut through the noise generated by traditional vulnerability scanners, which often flag thousands of potentially vulnerable instances based on version detection alone. By using simple, YAML-based templates, Nuclei allows security professionals to describe the exact steps a human would take to verify an exploit, providing a clear signal of which assets are truly at risk and need immediate remediation.
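To make the "describe the steps a human would take to verify" idea concrete, here is an added illustration of what such a template looks like. It is not a ProjectDiscovery template and every id, path, banner and marker string in it is a hypothetical placeholder; the point is that the finding fires only when the exposed page actually answers an unauthenticated request, while the version banner is merely extracted for context.

```yaml
# Added illustration, not from the nuclei-templates repository.
# All ids, paths, markers and banners below are hypothetical placeholders.
id: example-unauthenticated-admin-dashboard   # hypothetical id

info:
  name: Example App - Admin dashboard reachable without authentication
  author: editorial-example
  severity: high
  description: |
    Reports a host only when the dashboard itself is served to an
    unauthenticated client. A version string alone never triggers it.
  tags: example,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/admin/dashboard"   # hypothetical path

    matchers-condition: and
    matchers:
      # 1. The page must actually be served, not redirected to a login form.
      - type: status
        status:
          - 200

      # 2. Both markers of the live dashboard must be present in the body,
      #    which is what a human would look for after loading the page.
      - type: word
        part: body
        words:
          - "Admin dashboard"   # hypothetical marker
          - "Logged in as"      # hypothetical marker
        condition: and

      # 3. Exclude pages that only mention the dashboard inside a sign-in prompt.
      - type: word
        part: body
        words:
          - "Please sign in"
        negative: true

    # The version banner is extracted for reporting only; it does not decide
    # whether the finding fires, which is what keeps the result low-noise.
    extractors:
      - type: regex
        part: header
        group: 1
        regex:
          - 'Server: ExampleApp/([0-9.]+)'   # hypothetical banner
```

A version-only variant of this template would consist of nothing but the regex extractor turned into a matcher, which is exactly the kind of "potentially vulnerable" signal the session describes as noise.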
The conversation delves into the power of community-driven security, highlighting how Nuclei's simple template structure has enabled global collaboration. With contributions from pentesters, bug bounty hunters, and researchers around the world, the framework can now produce verified exploit templates in hours rather than days. Rishi notes that this speed is critical in a landscape where the time to exploit is shrinking, and he details how ProjectDiscovery's bug bounty program incentivizes researchers not only to write new templates but also to validate existing ones, keeping quality high and false positives low.
Watch more sessions from runZero Day
| Session title | Guests |
|---|---|
| A CVE quagmire: Quality versus quantity | Jerry Gamblin (RogoLabs) |
| Predicting exploitation: A practitioner's guide | Jay Jacobs (Empirical Security) |
| Signal vs slop: Journalists on the evolution of research-driven reporting | Bill Brenner (CYBER.SEC.Community); Dennis Fisher (Decipher); Steve Ragan (1Password) |
| On the frontlines of investigative journalism in cybersecurity: An insider's perspective | Joseph Menn (Author & Investigative Journalist) |
| From risk to resilience: Navigating OT security in a converged world | Mary Gannon (GuidePoint Security); Patrick Gillespie (GuidePoint Security) |
| Force multiplied: Community-powered vuln detection | Rishi Sharma (ProjectDiscovery) |
| Mute the sirens: Prioritizing vulnerability noise | Mark Lambert (ArmorCode) |
| The network edge: EOL and exploitation | Kimber Duke (VulnCheck); Patrick Garrity (VulnCheck) |
| Bug bounties in the age of AI | Casey Ellis (Bugcrowd) |
| Perimeters and pathways: Protecting the complete attack surface | HD Moore (runZero); Jared Atkinson (SpecterOps); Zakir Durumeric (Censys) |
| The infinite eye: How AI threat intelligence gives defenders an asymmetric edge | HD Moore (runZero); Jonathan Cran (Mallory) |