As US vuln-tracking falters, EU enters with its own security bug database

https://www.theregister.com/2025/05/13/eu_security_bug_database/
105•voxadam•8h ago

Comments

ta1243•7h ago
This is from a 2022 EU directive, well before recent US government actions, it's been developed for quite some time.
OJFord•7h ago
TFA doesn't hide or sensationalise that, makes the point that it's timely.
Kon-Peki•4h ago
The EU Cyber Resilience Act, which is now in effect (but not fully enforced until 2027/2028), has additional details and also includes a reporting requirement (articles 14, 15, and 16).
devrandoom•7h ago
It's sad to see the US being dismantled from within.
loloquwowndueo•6h ago
Is it though? pass the popcorn
lenerdenator•5h ago
For most sane people, yes.
Duwensatzaj•5h ago
I’m very torn. Obviously USAID, NSF and academia in general do valuable things. But when organizations get hijacked and used as a slush fund to fund naked ideological activities and organizations barely related to the original purpose, I’m not surprised when the eventual response is to just hack and slash. I wish it was done more thoughtfully and carefully, but that doesn’t appear to be a choice. Just a choice of funding hostile NGOs and academics who endorse discrimination in education, employment, health care and even law nowadays or the current mess. It all sucks and I don’t have any solutions other than focusing on my career and family.
stavros•4h ago
I'm out of the loop, can you give some context as to what you're talking about? What were they funding?
asacrowflies•4h ago
They have no sources other than being oppressed by the woke agenda and discrimination because the white male throne is threatened in any way, shape or form. This is hacker news after all.
HideousKojima•4h ago
https://en.m.wikipedia.org/wiki/Students_for_Fair_Admissions...

Educational institutions that have been banned from practicing racial discrimination in admissions (such as all public universities in California since the 90's) have insisted on continuing to find other ways to covertly racially discriminate in admissions. It's clear from their actions that racial discrimination in admissions is a fundamental value for these institutions, and they should not receive any taxpayer funding until they stop such disgusting and bigoted behavior.

Stop carrying water for them.

https://www.npr.org/2023/06/30/1185226895/heres-what-happene...

wvenable•4h ago
> But when organizations get hijacked

I haven't seen any reasonable evidence on this. I'm not saying that evidence doesn't exist, it's just everything that I've heard so far has been debunked. The current administration has been shown to lie and exaggerate over and over to justify these actions so I don't know why anyone would assume they're telling the truth about this.

gadders•7h ago
"Register readers — especially those tasked with vulnerability management — will recall that the US government's funding for the CVE program was set to expire in April until the US Cybersecurity and Infrastructure Security Agency, aka CISA, swooped in at the 11th hour and renewed the contract with MITRE to operate the initiative."

https://en.wikipedia.org/wiki/Washington_Monument_syndrome

j_walter•6h ago
> and quietly rolled out a limited-access beta version last month during a period of uncertainty surrounding the United States' Common Vulnerabilities and Exposures (CVE) program.

You mean the 24 hour period where people freaked out and assumed things that weren't true? The renewal came down to the wire just like most do during negotiations...MITRE tossed the news out there to stir up concerns but it was all just sensationalized. A "funding lapse" is not the same as "contract not renewed yet"...

lesuorac•6h ago
"This comes after the Feds decided not to renew their long-standing contract with nonprofit research hub MITRE to operate the CVE database." [1]

Doesn't seem like an untrue assumption. Feds decided not to renew the contract, people got upset, and later the feds decided to renew the contract the night it would expire [1].

This is like saying Y2K is a nothingburger because people updated the code to handle more than 2 digit years. It's because of the people getting upset that triggered a preventative measure preventing the problem. It's just the Superman movie [2], if the kid just listened to Clark Kent then Superman would've never been necessary.

[1]: https://www.theregister.com/2025/04/16/cve_program_funding_s...

[2]: https://youtu.be/-ikd_hRnVR4?t=69

j_walter•4h ago
Review Peter Allor's comments...struggles on who pays and who should be the long term controller of this program was what led to the push right up to the last minute. As usual in government if you don't push hard enough nothing will change...and I still see nothing from CISA regarding their views on what happened...all we see is conjecture from MITRE and joy because they got their $$$.
tptacek•5h ago
This is a weird headline, because CISA did in fact end up funding NVD.

I wish people cared less about this particular issue, though, because we'd do fine with a non-government-sponsored CVE.

daveguy•5h ago
Well it certainly did falter (but not cease) due to incompetent leadership and guidance. We are seeing it throughout the government because the primary goal of this administration is to dismantle so that it can be reformed for their benefit.

It's more of a "break fast and move things" approach.

stogot•4h ago
Nothing broke beyond perception. It’s still operating roughly as before right?
DrillShopper•3h ago
Yes, but who in industry is going to expect it to be there in the future given what the current administration is doing?
tptacek•2h ago
MITRE could just take the existing database and pass a hat around to industry and keep the current program going.
hanlonsrazor•4h ago
Quite so. I would love to see an open sourced CVE database. It is for the public, it should be by the public.
c7b•4h ago
What do you mean? A government service is a public service, by any conventional use of the term. Public/private is orthogonal to open source.
aerostable_slug•2h ago
Community-maintained might be a better phrasing.

There's no particular reason a vulnerability database needs to be government-sponsored, and some compelling reasons why it shouldn't be "owned" by one government or another (one being guaranteed continuity even during seasons of change).

tedivm•4h ago
Yeah, this was going to happen regardless of the US.

> The European Union Agency for Cybersecurity (ENISA) first announced the project in June 2024 under a mandate from the EU's Network and Information Security 2 Directive, and quietly rolled out a limited-access beta version last month during a period of uncertainty surrounding the United States' Common Vulnerabilities and Exposures (CVE) program.

davidw•5h ago
If European leaders were quick on their feet and smart, they would be dialing up the "brain-draining" of the US to 11.
t-writescode•4h ago
What would that look like? I imagine most Europeans don’t want to recreate the United States and its personality in their countries, for example.

And many countries already have relatively easy visa processes for skilled workers, which would be what these scientists, developers, etc are.

davidw•4h ago
Importing a bunch of scientists wouldn't 'recreate the US'. A decent number of the scientists are probably not originally from the US anyway.

It'd involve spending money to sponsor research and clear a path for people to come over. Make it really easy.

Asraelite•3h ago
Fast-tracked citizenship.
ironmagma•41m ago
The brains are not the problem in this scenario.
Havoc•3h ago
They kinda did already

https://arstechnica.com/science/2025/05/europe-launches-prog...

Not a massive program, but shows there is intent