EU builds its own database for cyber security – because the USA shocked it today

When it comes to the CVE program’s financing stop, the EU reacts quickly. (Image source: Rawku5, Adobe Stock)

The wave of cuts in the United States almost threatened the cyber security of the whole world. The CVE program, which acts as a central number system for security gaps, almost lost its financing. But the EU reacts quickly and brings its own database to the start.

Background:

It was only recently announced that the US Ministry of Homeland would hire the financing of the CVE program today. The program has been creating uniform IDs for security gaps for 25 years.

One of the program would have threatened cyber security around the world. According to The Register, 40,000 such codes were registered last year alone.

But now the EU cyber security authority reacted quickly.

What is the CVE program?

Cve stands for Common Vulnerabilities and Exposures, So about: Known weaknesses and security gaps. The program works like a number system for software errors: If a new error is discovered, it receives a clear identifier.

For example, CVE-2014-0160 is the code for the famous HeartBleed bug, which also hit Minecraft players in 2014.

The naming system ensures an important uniformity: authorities, IT companies, developers and security services all over the world work with the same names if you report, analyze and remedy weaknesses.

So far, the non -profit organization Mitre in the United States has been responsible for allocating the weakness codes.

3:20

Pokémon meets Minecraft – in Tomo: Endless Blue you catch monsters and build up your dream world

EU found its own weak position database

According to Heise, the EU cyber security authority Enisa (European Network and Information Security Agency) announced in June 2024 that she was working on its own database that European Vulnerability Database. After their website was subjected to a function test at the beginning of April, the authorities now took the opportunity and finally bring them to the start.

But that’s not the only effort to maintain the services:

• In the United States, a new non-commercial foundation, the CVE Foundation, was founded by long-time members of the CVE board.
• The Computer Incident Response Center Luxembourg (CIRCL) founds that Global CVE Allocation System (Gcve). This should enable a decentralized award of weakness codes.
  Shortly said: GCVE is expanding the number system by another identifier for the respective procurement authority.

Doge continues to rage in the USA

While resistance is stirring abroad and under non-profit organizations, the US security authority CISA has quickly extended the financing of the CVE program by 11 months.

However, according to Heise, Cisa should also suffer from Elon Musks Doge. The tech billionaire was made by Trump as chairman of the Department of Government Efficiency (Doge), citing the neoliberal economist Milton Friedman to drastically reduce government spending.

According to a report by the local news portal Virginia Business from the beginning of April, the organization Mitre, which was previously responsible for the allocation of the weakness codes, is also to be poorer by over 400 employees in June.

The developments around the CVE database show how strongly the geopolitical and economic factors can influence the cyber security landscape. The quick reaction of the EU could be a crucial step in making global IT security more independent of external financial and political fluctuations.