EU wants to support bedrock cyber vulnerability program, top official says
EU wants to support bedrock cyber vulnerability program, top official says
Publish Date: 2026-03-26 20:18:00
Source Domain: www.nextgov.com
SAN FRANCISCO — The European Union wants to assist with and help modernize a cornerstone cyber cataloging program after a contracting scare last year prompted renewed discussions and concerns over how to sustain the vulnerability-tracking system relied upon by hundreds of thousands of security practitioners worldwide.
The Common Vulnerabilities and Exposures Program faced a contracting fiasco last spring when MITRE, the non-profit research giant that funds much of the program’s functions, warned of an imminent end to federal backing for the project. The matter was addressed within hours amid outcry from the cybersecurity community.
The EU wants to help “build upon” the foundation of the program and “the great work that has been done there,” Hans de Vries, the chief cybersecurity and operational officer for the European Union Agency for Cybersecurity, or ENISA, said Thursday at the RSAC Conference in California.
After the initial contracting issue, EU member states asked ENISA to explore ways to strengthen the CVE process, de Vries explained.
“We cannot build on one contract alone, so we have to strengthen it, and make sure that foundation, that basic mechanism — and it’s a huge program — but that mechanism stays, and stays to the core that we want to build on,” he said.
CVE provides a standardized methodology for identifying and cataloging publicly known cybersecurity vulnerabilities. Each flaw is assigned a unique identifier, designed to help security researchers, vendors and officials more effectively communicate about the same issue. It was first launched in 1999.
The remarks from de Vries are some of the first showing how European officials are weighing a more formal role in contributing to the CVE program, amid growing concerns that its long-term stability cannot rely on a sole U.S. government contract.
Congressional staffers have also drafted legislation to codify the CVE program and address how the Cybersecurity and Infrastructure…
