GCVE.eu - Best Current Practice (BCP)

What is a GCVE.eu Best Current Practice (BCP)?

A Best Current Practice (BCP) in the context of the GCVE.eu project is a community-driven guideline that documents recommended procedures, configurations, or operational principles to support the secure, reliable, and consistent implementation of GCVE-related infrastructure, tools, and services.

While GCVE defines a decentralized vulnerability enumeration system, BCPs ensure alignment and interoperability across participants including GCVE Numbering Authorities (GNAs), users, automation systems, and data consumers.

GCVE BCPs are:

  • Descriptive, not prescriptive: They capture what is currently working well in practice, rather than enforce strict standards.
  • Consensus-based: Developed with input from the GCVE community and stakeholders.
  • Focused on interoperability and trust: They promote safe behaviors for exchanging and validating information within the GCVE ecosystem.
  • Evolving: BCPs are living documents. As practices improve and tools evolve, BCPs are revised to reflect the most effective methods available.

Typical BCP topics include (but are not limited to):

  • Cryptographic signature and integrity checks of GCVE directory file
  • Naming conventions for GNAs and GCVE identifiers
  • Secure publication and synchronization of directory information
  • API recommendations and distribute publication scheme

Adhering to GCVE BCPs is not mandatory, but strongly recommended to ensure the safety, usability, and compatibility of your implementation within the broader GCVE network.

Published BCP