International Cyber Expo International Cyber Expo
  • About Us
Friday, 17 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

ENISA Launches European Vulnerability Database to Bolster EU Cyber Resilience

by The Gurus
May 14, 2025
in News
ENISA Launches European Vulnerability Database to Bolster EU Cyber Resilience
Share on FacebookShare on Twitter

The European Union Agency for Cybersecurity (ENISA) has unveiled the European Vulnerability Database (EUVD), a strategic move designed to enhance digital security across the bloc and reduce reliance on U.S.-centric cybersecurity infrastructure.

The EUVD, now live for consultation, aggregates vulnerability data from a wide range of sources, including national Computer Security Incident Response Teams (CSIRTs), software vendors, and international feeds such as the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities catalogue. Crucially, the platform assigns its own unique EUVD identifiers, creating a parallel system to the U.S.-funded Common Vulnerabilities and Exposures (CVE) system.

For many cybersecurity professionals, the EUVD represents more than just another technical tool; it marks a shift in global cybersecurity governance.

“Relying solely on a US-funded MITRE CVE system disrupted the ‘global ecosystem,’” said Dray Agha, senior manager of security operations at Huntress. “And to be fair, nothing is stopping this from happening again for CVE or other US-funded programmes as funding or governance issues arise. Alternatives like EUVD offer much-needed backup and continuity, as well as an opportunity to geopolitically reframe this system.”

Dray added that an EU-led database can better prioritise vulnerabilities specific to European infrastructure, regulation, and language, potentially improving regional threat intelligence. However, he cautioned that a fragmented approach without clear interoperability could cause friction: “For defenders like us, the value lies in how well EUVD integrates with existing platforms. Without strong interoperability with CVE, this risks creating noise rather than clarity.”

Boris Cipot, senior security engineer at Black Duck, echoed the sentiment that the EUVD adds both opportunity and complexity. “One clear benefit is reducing the reliance on the U.S. National Vulnerability Database (NVD) as a single source of truth,” he said, noting that the emergence of multiple regional databases, such as China’s CNVD, already poses language and regulatory challenges for global businesses.

He pointed to Software Composition Analysis (SCA) tools as a practical solution.“These tools aggregate vulnerability data from various sources, including different regional databases, and present it to customers. Organisations that rely solely on the U.S. NVD should evaluate how their SCA tools incorporate new sources like the EUVD.”

From a technical perspective, the EUVD’s unique identifier system is a notable advancement, said Sudesh Yalavarthi, senior incident response analyst at Pentest People. “It allows EUVD not only to track vulnerabilities that may already have CVE IDs but also to potentially assign identifiers to vulnerabilities before a CVE is issued, or if the CVE system faces disruption.”

He added that if the EUVD evolves to accept direct vulnerability submissions, it could transition from a secondary aggregator to a primary vulnerability database and even a CVE Numbering Authority (CNA). “Politically, EUVD represents a significant step towards European strategic autonomy in cybersecurity,” said Yalavarthi.

Gavin Knapp, Cyber Threat Intelligence Principal Lead at Bridewell, welcomed the move, noting that concerns around potential funding cuts to projects like MITRE’s CVE underscore the need for diversified sources. “Introducing any new data source, including the EVD, requires organisations to adapt their processes,” he said. “There will be an initial effort to integrate the EVD and ensure effective de-duplication against existing sources, but the long-term benefits of increased coverage and resilience are significant.” He also highlighted the challenge ahead: as technologies like AI and large language models accelerate software development, databases like the EVD must keep pace with a growing volume of vulnerabilities.

As the EU continues to push for digital sovereignty, the launch of EUVD is both a symbolic and functional milestone. Yet, cybersecurity experts stress that its success will depend on its ability to complement, not complicate, the global vulnerability disclosure ecosystem.

Looking Ahead

ENISA has made clear that the EUVD is just the beginning. While it currently aggregates and enriches data, its architecture allows for future enhancements, including the ability to become a CNA or accept direct submissions, which would elevate its global relevance even further. The launch comes at a time when Europe is under growing pressure to take charge of its own cybersecurity infrastructure. With persistent threats, geopolitical tensions, and delays in international vulnerability reporting, the EUVD could emerge as a cornerstone of Europe’s cyber defence strategy.

ShareTweet
Previous Post

AI Agents: Transformative or Turbulent?

Next Post

Salt Security Partners With Wiz, Combines Cloud and API Security

Recent News

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026
Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

July 14, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol