Everyone that manages security reports for Open Source projects have been getting a higher workload because of AI. Both real reports and just slop - reports including vulnerabilities in code that doesn't exist. For some, this is becoming a denial of service attack, with developers having to spend valuable, and in some cases unpaid, time to sort out what's real and may be a vulnerability.

Jarek Potiuk, member of The Apache Software Foundation will talk about this on the GVIP Summit Wednesday Jan 28th in Brussels. We still have a few seats available - but hurry up to register!

https://www.gvip-project.org

#NVD #CVE #EUVD #EUCRA #CRA

As #US #vulnerability-tracking falters, #EU enters with its own #security bug database
The European Vulnerability Database ( #EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems. The EUVD is similar to the US government's National Vulnerability Database ( #NVD).
https://www.theregister.com/2025/05/13/eu_security_bug_database/ #CISA