CVE fallout: The splintering of the standard vulnerability tracking system has begun

Comments

• 0xD@infosec.pub ⁨1⁩ ⁨year⁩ ago

  OMG I’ve been motherfucking looking for this piece of shit EUVD for the past weeks and only found references and info pages, but never the actual fucking database!! Finally I know it exists.

  Why is it hidden? Why does it have that braindead URL? And why, for the love of god, does it have a separate numbering scheme?!

  source

  • JohnEdwa@sopuli.xyz ⁨1⁩ ⁨year⁩ ago

    And why, for the love of god, does it have a separate numbering scheme?!

    Because they want the ability to reference other vulnerability sources - like JVN - and not just CVE.

    The EUVD service builds upon the CVE system and vulnerabilities in the scope of the CVE numbering service receive a CVE. In addition, the EUVD data aggregates and enriches the vulnerability information and lists an EUVD ID on top of the CVE when new vulnerability entries are created. To allow further cross referencing, the CVE identifier and additional vulnerability identifiers are listed when available. -https://euvd.enisa.europa.eu/faq

    And because, you know, standards.

    source
  • SinningStromgald@lemmy.world ⁨1⁩ ⁨year⁩ ago

    I can only assume the stories about CVE have pushed it to the top but I just search “European vulnerability database” and first link went to the database.

    source
• zero_spelled_with_an_ecks@programming.dev ⁨1⁩ ⁨year⁩ ago

  Could it be a good candidate for federation? There’s already a few naming standards that would allow a bit of a common ground. And maybe eliminate a few of the big points of failure.

  source

  • fmstrat@lemmy.nowsci.com ⁨1⁩ ⁨year⁩ ago

    Distributed hosting isn’t really a problem here, its distributed funding for the staff.

    source
• thann@lemmy.dbzer0.com ⁨1⁩ ⁨year⁩ ago

  Im sure DOGE will replace it with a more efficient way for the government to track all of the bugs its computers might be vulnerable to…

  source

  • bitjunkie@lemmy.world ⁨1⁩ ⁨year⁩ ago

    …and then send them directly to Putin’s cyberwarfare unit.

    source
• masterspace@lemmy.ca ⁨1⁩ ⁨year⁩ ago

  Lmao come on. Some people in the EU speak English and knew that naming your standard “European Union Venereal Disease” was a bad idea.

  source

  • BlueBockser@programming.dev ⁨1⁩ ⁨year⁩ ago

    But “Congenital Venereal Edema” is better?

    source

    • masterspace@lemmy.ca ⁨1⁩ ⁨year⁩ ago

      VD: www.urbandictionary.com/define.php?term=VD

      VE: www.urbandictionary.com/define.php?term=VE

      source

      • -> View More Comments
• Eyekaytee@aussie.zone ⁨1⁩ ⁨year⁩ ago

  everything the US gov helps funds now has a question mark over whether it’ll still be here in 4 years…

  source

  • w3dd1e@lemm.ee ⁨1⁩ ⁨year⁩ ago

    I’m don’t trust any .gov sites anymore. If I’m researching and I see that it’s a government site, I move on. I can’t trust that info.

    The whole thing is scary

    source

    • IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com ⁨1⁩ ⁨year⁩ ago

      You can kinda trust them if you use an archived version of it from before.

      source
  • hddsx@lemmy.ca ⁨1⁩ ⁨year⁩ ago

    Four years? Boy, you are optimistic

    source

    • Almacca@aussie.zone ⁨1⁩ ⁨year⁩ ago

      This shit seems to change by the minute.

      source
    • catloaf@lemm.ee ⁨1⁩ ⁨year⁩ ago

      It won’t be here next year, but it won’t be here in four years too.

      source

      • -> View More Comments
    • Eyekaytee@aussie.zone ⁨1⁩ ⁨year⁩ ago

      tbf to the US they fund an absolute ton of things, eg. I didn’t realise they helped fund lets encrypt and now the CVE database either, I assume it’ll be a drip feed of things being cancelled slowly over time as they find them all

      Image

      source

      • -> View More Comments