CVE fallout: The splintering of the standard vulnerability tracking system has begun

⁨0⁩ ⁨likes⁩

Submitted ⁨⁨11⁩ ⁨months⁩ ago⁩ by ⁨Tea@programming.dev⁩ to ⁨technology@lemmy.world⁩

https://go.theregister.com/feed/www.theregister.com/2025/04/18/splintering_cve_bug_tracking/

source

Comments

Sort:hotnew top

0xD@infosec.pub ⁨11⁩ ⁨months⁩ ago
OMG I’ve been motherfucking looking for this piece of shit EUVD for the past weeks and only found references and info pages, but never the actual fucking database!! Finally I know it exists.

Why is it hidden? Why does it have that braindead URL? And why, for the love of god, does it have a separate numbering scheme?!

source
- JohnEdwa@sopuli.xyz ⁨11⁩ ⁨months⁩ ago
  
  And why, for the love of god, does it have a separate numbering scheme?!
  
  Because they want the ability to reference other vulnerability sources - like JVN - and not just CVE.
  
  The EUVD service builds upon the CVE system and vulnerabilities in the scope of the CVE numbering service receive a CVE. In addition, the EUVD data aggregates and enriches the vulnerability information and lists an EUVD ID on top of the CVE when new vulnerability entries are created. To allow further cross referencing, the CVE identifier and additional vulnerability identifiers are listed when available. -https://euvd.enisa.europa.eu/faq
  
  And because, you know, standards.
  
  source
- SinningStromgald@lemmy.world ⁨11⁩ ⁨months⁩ ago
  I can only assume the stories about CVE have pushed it to the top but I just search “European vulnerability database” and first link went to the database.
  
  source
zero_spelled_with_an_ecks@programming.dev ⁨11⁩ ⁨months⁩ ago
Could it be a good candidate for federation? There’s already a few naming standards that would allow a bit of a common ground. And maybe eliminate a few of the big points of failure.

source
- fmstrat@lemmy.nowsci.com ⁨11⁩ ⁨months⁩ ago
  Distributed hosting isn’t really a problem here, its distributed funding for the staff.
  
  source
thann@lemmy.dbzer0.com ⁨11⁩ ⁨months⁩ ago
Im sure DOGE will replace it with a more efficient way for the government to track all of the bugs its computers might be vulnerable to…

source
- bitjunkie@lemmy.world ⁨11⁩ ⁨months⁩ ago
  …and then send them directly to Putin’s cyberwarfare unit.
  
  source
masterspace@lemmy.ca ⁨11⁩ ⁨months⁩ ago
Lmao come on. Some people in the EU speak English and knew that naming your standard “European Union Venereal Disease” was a bad idea.

source
- BlueBockser@programming.dev ⁨11⁩ ⁨months⁩ ago
  But “Congenital Venereal Edema” is better?
  
  source
  - masterspace@lemmy.ca ⁨11⁩ ⁨months⁩ ago
    VD: www.urbandictionary.com/define.php?term=VD
    
    VE: www.urbandictionary.com/define.php?term=VE
    
    source
    -> View More Comments
Eyekaytee@aussie.zone ⁨11⁩ ⁨months⁩ ago
everything the US gov helps funds now has a question mark over whether it’ll still be here in 4 years…

source
- w3dd1e@lemm.ee ⁨11⁩ ⁨months⁩ ago
  I’m don’t trust any .gov sites anymore. If I’m researching and I see that it’s a government site, I move on. I can’t trust that info.
  
  The whole thing is scary
  
  source
  - IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com ⁨11⁩ ⁨months⁩ ago
    You can kinda trust them if you use an archived version of it from before.
    
    source
- hddsx@lemmy.ca ⁨11⁩ ⁨months⁩ ago
  Four years? Boy, you are optimistic
  
  source
  - Almacca@aussie.zone ⁨11⁩ ⁨months⁩ ago
    This shit seems to change by the minute.
    
    source
  - catloaf@lemm.ee ⁨11⁩ ⁨months⁩ ago
    It won’t be here next year, but it won’t be here in four years too.
    
    source
    -> View More Comments
  - Eyekaytee@aussie.zone ⁨11⁩ ⁨months⁩ ago
    tbf to the US they fund an absolute ton of things, eg. I didn’t realise they helped fund lets encrypt and now the CVE database either, I assume it’ll be a drip feed of things being cancelled slowly over time as they find them all
    
    Image
    
    source
    -> View More Comments