Europe’s GCVE Raises Concerns Over Fragmentation in Vulnerability Databases

Europe’s GCVE Raises Concerns Over Fragmentation in Vulnerability Databases www.darkreading.com/cyber-ris… In response to continued uncertainty around the future of the MITRE-run Common Vulnerabilities and Exposures (CVE) program, a European cybersecurity organization has launched the Global CVE Allocation System (GCVE) to identify software security vulnerabilities. Experts anticipate this move could lead to significant fragmentation in how organizations track and manage security flaws. The existing CVE program experienced notable instability in 2025. Government funding nearly ceased last April, a situation that would have forced a complete shutdown of the program. A last-minute contract extension between the Cybersecurity and Infrastructure Security Agency (CISA) and MITRE preserved the CVE program; however, that contract is set to expire this March. With the future of CVE funding still uncertain, several organizations have begun exploring competing models. The European Union’s GCVE is a vulnerability identification and numbering system designed to “improve flexibility, scalability, and autonomy for participating entities,” according to its website. Operated by the Computer Incident Response Center Luxembourg (CIRCL), the initiative has been in development since last April. The GCVE system is positioned within the European Union’s broader cybersecurity infrastructure, which includes the European Union Vulnerability Database. That database is based on CIRCL’s vulnerability-lookup software.