The European Union Agency for Cybersecurity (ENISA) has unveiled the European Vulnerability Database (EUVD), a strategic move designed to enhance digital security across the bloc and reduce reliance on U.S.-centric cybersecurity infrastructure.
The EUVD, now live for consultation, aggregates vulnerability data from a wide range of sources, including national Computer Security Incident Response Teams (CSIRTs), software vendors, and international feeds such as the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities catalogue. Crucially, the platform assigns its own unique EUVD identifiers, creating a parallel system to the U.S.-funded Common Vulnerabilities and Exposures (CVE) system.
For many cybersecurity professionals, the EUVD represents more than just another technical tool; it marks a shift in global cybersecurity governance.
“Relying solely on a US-funded MITRE CVE system disrupted the ‘global ecosystem,’” said Dray Agha, senior manager of security operations at Huntress. “And to be fair, nothing is stopping this from happening again for CVE or other US-funded programmes as funding or governance issues arise. Alternatives like EUVD offer much-needed backup and continuity, as well as an opportunity to geopolitically reframe this system.”
Dray added that an EU-led database can better prioritise vulnerabilities specific to European infrastructure, regulation, and language, potentially improving regional threat intelligence. However, he cautioned that a fragmented approach without clear interoperability could cause friction: “For defenders like us, the value lies in how well EUVD integrates with existing platforms. Without strong interoperability with CVE, this risks creating noise rather than clarity.”
Boris Cipot, senior security engineer at Black Duck, echoed the sentiment that ..
Support the originator by clicking the read the rest link below.
