For two decades, the cybersecurity world has relied on a single source of truth: the US National Vulnerability Database (NVD). If a vulnerability existed, it had a CVE ID, and the NVD told you how bad it was. But in 2024 and 2025, that foundation cracked. Funding disputes and massive backlogs left the NVD largely stagnant, forcing the world to wake up to a dangerous reality: we had a single point of failure for global digital security. In response, the European Union has just launched the European Vulnerability Database (EUVD), a move that signals a permanent shift toward digital sovereignty. But where does this leave the UK, caught between a faltering US giant and a new European fortress it has just left? What these developments mean for vulnerability programs in the EU and the UK? 🇪🇺 The EU Perspective: Strategic Autonomy & Resilience For the European Union, the launch of the EUVD (managed by ENISA) is not just a technical backup plan, it is a declaration of independence. 1. Decoupling from US Instability The recent Reuters reports on US funding running out for the NVD highlighted a critical risk: European security cannot depend on the US Congress passing a...
Continue reading