News
Join Us at the FIRSTCON25 Hackathon: Advancing GCVE.eu Initiative
We will be at the first FIRST.org hackathon, organized during the FIRST Annual Conference in Copenhagen. The hackathon, FIRSTCON25, will take place in person at the 37th Annual FIRST Conference on Sunday, 22nd June, in Copenhagen. During the hackathon, various topics and projects (not limited to the following) can be tackled: Improving the software stack to support and distribute the directory. Enhancing existing BCPs. Reviewing and assisting in the creation of new BCPs. Improving the vulnerability-lookup.org software stack used by GCVE.eu users. For more details about the proposed GCVE activities at the FIRST.org hackathon, and to follow live updates, visit the discussion link.
June 19, 2025
GCVE Releases Draft Standard BCP-03 for Decentralized Vulnerability Publication
A Best Current Practice (BCP) in the context of the GCVE.eu project is a community-driven guideline that documents recommended procedures, configurations, or operational principles to support the secure, reliable, and consistent implementation of GCVE-related infrastructure, tools, and services. The GCVE Working Group has released the draft for BCP-03, a new Decentralized Publication Standard. This standard allows Global Naming Authorities (GNAs) to publish vulnerability information directly via HTTP REST APIs or static files, removing reliance on a central system. Clients can discover these publication endpoints through the GCVE directory, enabling them to pull data from their own curated set of trusted sources. To facilitate adoption, a reference implementation is available in the open-source Vulnerability-Lookup project.
June 10, 2025
The first publication of the GCVE-BCP-01 - Signature Verification of the Directory File
A Best Current Practice (BCP) in the context of the GCVE.eu project is a community-driven guideline that documents recommended procedures, configurations, or operational principles to support the secure, reliable, and consistent implementation of GCVE-related infrastructure, tools, and services. GCVE.eu has published its first Best Current Practice document, GCVE-BCP-01, which outlines the recommended method for verifying the integrity and authenticity of the GCVE directory file using OpenSSL and a public key. This BCP ensures that all consumers of the directory validate the file’s signature before use, reinforcing trust and security within the GCVE ecosystem. All implementers and users are strongly encouraged to follow the outlined verification process. The BCP is a draft for public review. Feedback is more than welcome.
April 25, 2025
GCVE - Global CVE Allocation System Announced
Introducing the Global CVE (GCVE) Allocation System (https://gcve.eu), a new decentralized approach to identifying and numbering security vulnerabilities. GCVE empowers independent GCVE Numbering Authorities (GNAs) to assign vulnerability IDs directly, offering greater autonomy and speed compared to traditional centralized methods. This system is designed to complement the existing CVE® program, ensuring seamless compatibility by representing all standard CVEs under the reserved GNA ID 0. The primary benefits of GCVE include enhanced flexibility for participating organizations to define their own processes, improved scalability by removing central bottlenecks, and decentralized allocation managed by the GNAs themselves. We invite organizations involved in vulnerability management to explore this new system and consider becoming a GNA. For more details, visit https://gcve.eu or contact info@gcve.eu.
April 16, 2025