The world’s vulnerability tracking system is fragmenting, with the US government discontinuing funding for MITRE, the organization behind the widely used Common Vulnerabilities and Exposures (CVE) program. This has led to the emergence of alternative systems, including the EUVD (European Union Vulnerability Database), which has been developed by the European Union Agency for Cybersecurity (ENISA). The EUVD is designed to provide a standardized system for identifying vulnerabilities, but its future remains uncertain.
The discontinuation of CVE funding has sparked concerns about the reliability and impartiality of the US government’s commitment to ensuring the continuity of vulnerability management. This has led to calls for alternative systems that can provide a more permanent and universal solution. The EUVD is seen as a potential replacement or fallback option, but its use may be limited by regional regulatory governance.
The emergence of the EUVD coincides with the development of other global systems for identifying and numbering security flaws, including the Global CVE Allocation System (GCVE) and the new CVE Foundation. These alternatives aim to provide a more decentralized and neutral approach to vulnerability tracking, but their long-term viability remains uncertain.
As the world’s vulnerability management system breaks apart, experts warn that there is a risk of mistrust in the data and a lack of coordination between different systems. The future of CVE funding and its impact on the global vulnerability landscape will continue to be watched closely by the cybersecurity community.
Source: https://www.theregister.com/2025/04/18