GCVE Releases Draft Standard BCP-03 for Decentralized Vulnerability Publication

A Best Current Practice (BCP) in the context of the GCVE.eu project is a community-driven guideline that documents recommended procedures, configurations, or operational principles to support the secure, reliable, and consistent implementation of GCVE-related infrastructure, tools, and services.

The GCVE Working Group has released the draft for BCP-03, a new Decentralized Publication Standard. This standard allows Global Naming Authorities (GNAs) to publish vulnerability information directly via HTTP REST APIs or static files, removing reliance on a central system. Clients can discover these publication endpoints through the GCVE directory, enabling them to pull data from their own curated set of trusted sources. To facilitate adoption, a reference implementation is available in the open-source Vulnerability-Lookup project.