ECSO Statement on the Management of CVE IDs

The European Cyber Security Organisation (ECSO) has been following with great concern the recent developments regarding MITRE’s role in the management of the Common Vulnerabilities and Exposures (CVE) programme’s IDs.

The significance of a vulnerability numbering system cannot be overstated for the global cybersecurity community. Without efficient management of vulnerability identifiers, the cybersecurity of critical infrastructure, systems, and products is at risk. Both private and public entities will face substantial challenges in exchanging information about vulnerabilities, comparing reports, sharing advisories, and, most importantly, swiftly managing security patching.

We believe this is a pivotal moment for European cybersecurity professionals to step up and identify a viable alternative solution. Given the CVE’s strategic role, a public-private partnership should be created to assign and manage vulnerability identifiers, in Europe and beyond. This can only enhance the European cybersecurity posture and ensure that Europe plays a leading role in cybersecurity.

ECSO Members and the ECSO CISO Community stand ready to support European initiatives aimed at making the vulnerability ecosystem more transparent, trustworthy, and independent.

About ECSO

The European Cyber Security Organisation (ECSO) is the pan-European, private-public federation (nonprofit) developing Europe’s cybersecurity resilience and strategic autonomy. Established in 2016 as the European Commission’s contractual partner for the Public-Private Partnership in Cybersecurity, ECSO unites more than 320 stakeholders—including businesses of all sizes, public administrations, research centres and many more—and provides a platform for dialogue, knowledge sharing, visibility opportunities, industry advocacy, and further public-private collaboration.
