CVE fallout: The splintering of the standard vulnerability tracking system has begun

Comment The splintering of the global system for identifying and tracking security bugs in technology products has begun.

Earlier this week, the widely used Common Vulnerabilities and Exposures (CVE) program faced doom as the US government discontinued funding for MITRE, the non-profit that operates the program. Uncle Sam U-turned at the very last minute, and promised another 11 months of cash to keep the program going.

Meanwhile, the EU is rolling its own.

The European Union Agency for Cybersecurity (ENISA) developed and maintains this alternative, which is known as the EUVD, or the European Union Vulnerability Database. The EU mandated its creation under the Network and Information Security 2 Directive, and ENISA announced it last June.

The EUVD is similar to the US government's NVD, or National Vulnerability Database, in that it organizes disclosed bugs by their CVE-assigned unique ID, documents their impact, and links to advisories and patches ...