EU launches vulnerability database to tackle cybersecurity threats

The European Union launched on Tuesday its new vulnerability database to provide aggregated information regarding cybersecurity issues affecting various products and services.

Despite being known as the European Vulnerability Database, the service is more of a notification platform than a repository for vulnerability reports, resembling MITRE and the U.S. Department of Homeland Security’s Common Vulnerabilities and Exposures (CVE) Program.

Speaking to Recorded Future News last year, Hans de Vries, the head of the EU’s cybersecurity agency ENISA, said the agency did not want to create “a huge database that can very much be hacked and have all the exploits in.”

The CVE program is a critical utility within the cybersecurity sector, used by countless vendors, governments and critical infrastructure entities to identify and prioritise their response to new vulnerabilities that could expose their organisations to risk.

ENISA stated on Tuesday it was currently “in contact with MITRE to understand the impact and next steps” over questions regarding how that program is funded.

Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that the MITRE Corporation will continue operating the CVE program for at least another 11 months after federal cybersecurity officials confirmed that they temporarily extended their contract with the organization to keep the platform running.

At the time, many in the cybersecurity community expressed alarm following a letter from MITRE’s vice president which warned that funding for the CVE program was expiring and the federal government appeared to have no intention to renew the contract.

A MITRE spokesperson told Recorded Future News that were the contract to lapse, no new CVEs would be added to the program and the CVE program website online would eventually cease. MITRE said historical CVE records will be available on GitHub.