ENISA Develops Vulnerability Database
The European Union has launched the EU Vulnerability Database (EUVD) to strengthen cybersecurity across the region by providing aggregated, reliable, and actionable information on vulnerabilities affecting Information and Communication Technology (ICT) products and services. The database, accessible to the public, consolidates data from multiple sources, including CSIRTs, vendors, and open-source vulnerability databases, to improve transparency and situational awareness. Dashboards categorize vulnerabilities by criticality, exploitation status, and EU coordination, offering stakeholders a comprehensive overview of current threats.
ENISA, fulfilling requirements under the NIS2 Directive, played a central role in developing the EUVD. The agency collaborates with international partners such as MITRE’s CVE Programme and CISA, ensuring that data from global and local sources is automatically integrated into the platform. The database includes detailed records of vulnerabilities, affected products, severity ratings, and available mitigation measures, supporting both public and private sector risk management.
A key distinction exists between the EUVD and the forthcoming Single Reporting Platform (SRP) mandated by the Cyber Resilience Act (CRA). While the EUVD serves as a transparent, public resource for vulnerability information, the SRP, operational by September 2026, will be the mandatory channel for manufacturers to report actively exploited vulnerabilities in hardware and software products with digital elements. This separation clarifies reporting obligations and ensures streamlined compliance with evolving EU cybersecurity regulations.
ENISA’s designation as a CVE Numbering Authority (CNA) since January 2024 allows it to register and support the disclosure of vulnerabilities discovered by or reported to EU CSIRTs. This development, alongside the adoption of standards like the Common Security Advisory Framework (CSAF), enhances the speed and accuracy of vulnerability management across the EU. Ongoing feedback and development throughout 2025 aim to further refine the EUVD and its related services, reinforcing the EU’s position as a leader in digital security and regulatory innovation.