Under the impression of an adjacent CVE shutdown, various initiatives and organizations tried to start the option in the morning of 16 April. CVE means for general weaknesses and exposure (general weaknesses and threats) and works internationally to document the safety intervals.
The limit of efforts is quite impressive: while another CVE wanted to focus on organizational transfer of the system, the European Union Cyber Safety Authority Anisa kept her alternative solution announced since last year.
In early June 2024, ENISA (European Network and Information Safety Agency) announced that it was working according to the NIS2 guideline as a weak database called European vulnerable database on an own weak database. The database was surprisingly online in early April – but only for a few hours. When asked by Hauz Security, an Anisa spokesperson replied that it was a functional test during development. After the announcement of a friendly decomitioning friend, it was clearly decided in Athens to make nails with their heads and use the hour side.
CISA: But contract expansion?
The US Cyber Safety Authority CISA has clearly used an option and has increased the contract ending in the final seconds. At least it is reported by Matocurity on Mastodon, which cites anonymous speakers in Matter and Sisa. Responsible will only wait for the signature; There will be “good news” soon. As soon as these good news comes, we will update this message.
This will be due to dog -related cuts in June in MITTRRRE in the US state of Virginia Over 400 dismissal The local news portal Virginia Business reported. By June 3, 2025, 442 people should lose their positions as various American government agencies would have abolished their contracts with Miter, the report continued.
Want to change GCVE and CVE Foundation System
CIRCCL (Computer Accident Response Center Luxmburg, Small State Government Computer Response Team) also saw the opportunity to clearly find its CVE project: GCVE“Global CVE Allocation System”, unlike the current approach of the US and Mitre-centric, should receive a decentralized allocation of vulnerable identifiers and remain CVE compatible at the same time. The main point CVE-Lingo CNA (CVE Numbering Authority), currently includes the year and running number for an identifier for the Award Authority, is the expansion of the CVE ID. So a GCVE ID looks like this: GCVE-12-2024-12345This enables each CNA to use its own running numbers without denying all other contractors.
The assignment of CVE to GCVE is also successful with a trick: CNA number 0 is reserved for traditional CVE ID, CVE-2024-12345 So be a gcve-id GCVE-0-2024-12345It does not work in the opposite direction because CNA coding is lost. Circle has considered itself the CNA ID 1 as the Surjaj.
A “CVE Foundation” also spoke with a statement. On the “Thecvefoundation.org” domain registered on 15 April, unknown author writes that he is part of the “long-active members of the CVE board”, which would have spent the previous year to plan infection for his non-commercial foundation of the CVE system. In the next few days, the author continues to publish more information about the structure, plan and possibilities of participation for the community.
Heise Security approached the Cve Foundation on the afternoon of 16 April and sought a statement to identify the project participants – as soon as we receive the response, we will update this message. It is currently completely open as to whether the initiative to modernize and decentralize the CVE system is actually applied.
(CKU)
