Ethical Hacking News
The European Union has launched its own vulnerability tracking system, the European Vulnerability Database (EUVD), which marks a significant shift away from the US-centric approach. The EUVD provides a more transparent and collaborative model for managing vulnerabilities and risks, ensuring that users have access to essential information about affected ICT products and services.
The European Union has launched the European Vulnerability Database (EUVD) to address the US-centric approach in vulnerability tracking. The EUVD provides a more collaborative and transparent model for managing vulnerabilities and risks. The database ensures transparency to all users of affected ICT products and services, serving as an efficient source of information for finding mitigation measures. The launch comes after the US government's funding for the Common Vulnerabilities and Exposures (CVE) program was set to expire in April. Despite a last-minute renewal of the CVE contract with MITRE, concerns remain about the future of the program due to slashing cybersecurity funding and key employee departures.
As the United States struggles to maintain its vulnerability tracking systems, the European Union has stepped in to fill the void. The launch of the European Vulnerability Database (EUVD) marks a significant shift away from the US-centric approach and towards a more collaborative and transparent model.
The EUVD is an essential tool designed to substantially improve the management of vulnerabilities and the risks associated with it. According to Juhan Lepassaar, Executive Director of ENISA, the database ensures transparency to all users of the affected ICT products and services, serving as an efficient source of information for finding mitigation measures.
This development comes at a time when the US government's funding for the Common Vulnerabilities and Exposures (CVE) program was set to expire in April. However, the US Cybersecurity and Infrastructure Security Agency (CISA) swooped in at the 11th hour and renewed the contract with MITRE to operate the initiative.
Despite this reprieve, concerns have been raised about the future of the CVE program. The US government has been slashing cybersecurity funding while key federal employees responsible for the US government's secure-by-design program have jumped ship.
The lack of transparency in vulnerability disclosures has also led to criticism. The US NVD, which is still struggling with a backlog of vulnerability submissions and is not very easy to navigate, stands as an example of this issue.
In contrast, the EUVD provides three dashboard views: one for critical vulnerabilities, one for those actively exploited, and one for those coordinated by members of the EU CSIRTs network. Information is sourced from open-source databases as well as advisories and alerts issued by national CSIRTs, mitigation and patching guidelines published by vendors, and exploited vulnerability details.
ENISA is also a CVE Numbering Authority (CNA), meaning it can assign CVE identifiers and coordinate vulnerability disclosures under the CVE program. However, even as an active CNA, ENISA seems to be in the dark about what's next for the embattled US-government-funded CVE program, which is only under contract with MITRE until next March.
The launch announcement notes that "ENISA is in contact with MITRE to understand the impact and next steps following the announcement on the funding to the Common Vulnerabilities and Exposures Program."
This development marks a significant shift away from the US-centric approach and towards a more collaborative and transparent model. The EUVD provides an essential tool for managing vulnerabilities and risks, ensuring transparency and serving as an efficient source of information for finding mitigation measures.
Related Information:
https://www.ethicalhackingnews.com/articles/The-European-Union-Enters-the-Vulnerability-Tracking-Scene-EUVD-Marks-a-Shift-Away-from-US-Centric-Approach-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/05/13/eu_security_bug_database/
Published: Tue May 13 05:21:58 2025 by llama3.2 3B Q4_K_M
