Full disclosure in computer security still exists and is complementary to other disclosure models. The evolution of vulnerability disclosure is not linear from full disclosure to responsible disclosure to coordinated disclosure. These models coexist and all need to be taken into account.

You can’t just say “the legal framework will solve it” or “just do coordinated disclosure.” Vendors, researchers, and users are not all rational actors playing the same game.

Vulnerability disclosure is more complex than that, and if you actually want to address the issue, you can’t just say “it doesn’t exist.”

#cve #gcve #vulnerabilitymanagement #cybersecurity #fulldisclosure #vulnerability

Full disclosure in computer security still exists and is complementary to other disclosure models. The evolution of vulnerability disclosure is not linear from full disclosure to responsible disclosure to coordinated disclosure. These models coexist and all need to be taken into account.

You can’t just say “the legal framework will solve it” or “just do coordinated disclosure.” Vendors, researchers, and users are not all rational actors playing the same game.

Vulnerability disclosure is more complex than that, and if you actually want to address the issue, you can’t just say “it doesn’t exist.”

#cve #gcve #vulnerabilitymanagement #cybersecurity #fulldisclosure #vulnerability

The last 5 days have been a bit wild for the GCVE.eu initiative.

What started as steady work suddenly picked up real momentum:

• The public GCVE.eu database instance - https://db.gcve.eu/ - caught the attention of the media, sparking discussions well beyond our usual circles

• We published updates to the GCVE KEV Assertion Standard Format (BCP-07), refining how known-exploited information can be asserted and shared

• Vulnerability-Lookup 2.21.0 was released, bringing improvements aligned with the GCVE ecosystem

• We received a lot of valuable feedback especially on the specs, the tooling, and the overall direction

• New GNAs joined the GCVE directory, and new contributors stepped in to help shape both the specifications and the software

Seeing this level of engagement, critique, and contribution in such a short time is incredibly motivating. It reinforces why an open, decentralized, and collaborative approach to vulnerability identification and sharing matters.

Huge thanks to everyone who tested, commented, challenged assumptions, wrote code, improved text, or simply helped spread the word. This is very much a community effort and it’s only getting started. 💙

#GCVE #OpenSource #VulnerabilityManagement #CyberSecurity #Standards #Community

Don't hesitate to follow us at GCVE-EU - @gcve

@circl

GCVE BCP - https://gcve.eu/bcp/
GCVE DB - https://db.gcve.eu/recent
Vulnerability-Lookup - https://github.com/vulnerability-lookup/vulnerability-lookup

The last 5 days have been a bit wild for the GCVE.eu initiative.

What started as steady work suddenly picked up real momentum:

• The public GCVE.eu database instance - https://db.gcve.eu/ - caught the attention of the media, sparking discussions well beyond our usual circles

• We published updates to the GCVE KEV Assertion Standard Format (BCP-07), refining how known-exploited information can be asserted and shared

• Vulnerability-Lookup 2.21.0 was released, bringing improvements aligned with the GCVE ecosystem

• We received a lot of valuable feedback especially on the specs, the tooling, and the overall direction

• New GNAs joined the GCVE directory, and new contributors stepped in to help shape both the specifications and the software

Seeing this level of engagement, critique, and contribution in such a short time is incredibly motivating. It reinforces why an open, decentralized, and collaborative approach to vulnerability identification and sharing matters.

Huge thanks to everyone who tested, commented, challenged assumptions, wrote code, improved text, or simply helped spread the word. This is very much a community effort and it’s only getting started. 💙

#GCVE #OpenSource #VulnerabilityManagement #CyberSecurity #Standards #Community

Don't hesitate to follow us at GCVE-EU - @gcve

@circl

GCVE BCP - https://gcve.eu/bcp/
GCVE DB - https://db.gcve.eu/recent
Vulnerability-Lookup - https://github.com/vulnerability-lookup/vulnerability-lookup

Luxembourg, 2026/01/07 - The GCVE initiative is proud to announce the public launch of db.gcve.eu , a new open and freely accessible vulnerability advisory database. The platform aggregates and correlates vulnerability information from more than 25 public sources, including GCVE GNA (Numbering Authority) sources and other established vulnerability databases.

🔗 For more details - https://gcve.eu/2026/01/07/gcve-db-announce/
🔗 https://db.gcve.eu/

#cve #gcve #cybersecurity #vulnerabilitymanagement #vulnerability

Luxembourg, 2026/01/07 - The GCVE initiative is proud to announce the public launch of db.gcve.eu , a new open and freely accessible vulnerability advisory database. The platform aggregates and correlates vulnerability information from more than 25 public sources, including GCVE GNA (Numbering Authority) sources and other established vulnerability databases.

🔗 For more details - https://gcve.eu/2026/01/07/gcve-db-announce/
🔗 https://db.gcve.eu/

#cve #gcve #cybersecurity #vulnerabilitymanagement #vulnerability

Before you know it, it’ll be time for EU Open Source Week and #FOSDEM in Brussels!

We’re planning on being at many events that week (more details soon). A few to put in your calendar now:

a) 28 Jan 2026: The 1st #GVIP Summit on #vulnerabilitymanagement, existing & future systems, from the new #EUVD to the #CVE program and other platforms. Registration: https://www.gvip-project.org/

b) 31 Jan 2026: Funding the FOSS Ecosystem Devroom
https://fosdem.org/2026/schedule/track/funding-the-foss-ecosystem/

Looking forward to seeing you there!

Django Software Foundation is now a CVE Numbering Authority (CNA) assigning CVE IDs for only supported and end-of-life Django versions available at https://www.djangoproject.com/download/ and projects listed at https://github.com/django (such as Django, channels, and daphne), excluding distributions maintained by third-party redistributors.

cve.org/Media/News/item/news/2025/10/28/Django-Added-as-CNA

#CVE #CNA #Vulnerability #VulnerabilityManagement #Cybersecurity

Django Software Foundation is now a CVE Numbering Authority (CNA) assigning CVE IDs for only supported and end-of-life Django versions available at https://www.djangoproject.com/download/ and projects listed at https://github.com/django (such as Django, channels, and daphne), excluding distributions maintained by third-party redistributors.

cve.org/Media/News/item/news/2025/10/28/Django-Added-as-CNA

#CVE #CNA #Vulnerability #VulnerabilityManagement #Cybersecurity