On Tue, May 13, 2025 at 07:43:37PM +0100, Graeme Fowler wrote: > EUVD is in beta testing - given all the shenanigans with MITRE and CVE, it > might be worth checking out. > > https://euvd.enisa.europa.eu/about
To make this more useful in list archives, here's what the above web page says at this time: > As per the NIS2 Directive, ENISA is mandated to develop and maintain the > European vulnerability database. > > Access to reliable and timely information about vulnerabilities > affecting Information and Communication Technology (ICT) products and > services contributes to an enhanced cybersecurity risk management. > Sources of publicly available information about vulnerabilities are an > important tool for users of these services, competent authorities, and > the broader cybersecurity community. ENISA has established a European > Vulnerability Database (EUVD) where entities, regardless of whether they > fall within the scope of the NIS2 Directive, and their suppliers of > network and information systems, as well as competent authorities, most > notably CSIRTs, can voluntarily disclose and register publicly known > vulnerabilities to allow users to take appropriate mitigating measures. > > In line with Coordinated Vulnerability Disclosure practices, which aim > at providing improved transparency regarding the publication process, > the EUVD is eventually used to publicly disclose the vulnerability > information. > > To avoid efforts duplication and to support complementarity, ENISA > closely cooperates with MITRE and European as well as non-European > operators of the Common Vulnerabilities and Exposures (CVE) system. In > this context, ENISA offers vulnerability registry services after its > onboarding as a CVE Numbering Authority (CNA), with a focus on > vulnerabilities in IT products discovered by or reported to European > CSIRTs for coordinated disclosure. > > Following its official launch, ENISA will continue engaging with its > stakeholders to further develop and improve the EUVD service catalogue. This is the entirety of content specific to the /about page (the rest of content at that URL is header and footer common with other pages). Alexander
