[cookiengineer]

> https://euvd.enisa.europa.eu/

They already did it. Great!

Maybe we can ask them how to contribute to their software, as it seems to be proprietary at the moment?

edit: lol, their manifest.json is still the React boilerplate: https://euvd.enisa.europa.eu/manifest.json

Their database seems to also only contain fairly recent CVEs (up until 2019? some CVEs are missing...) and not before that

[rickdeckard]

To quote the article

  "Fourth, national vulnerability databases like China’s and Russia’s, among others, will largely dry up (Russia more than China)."

  "Fourth [sic], hundreds, if not thousands, of National / Regional CERTs around the world, no longer have that source of free vulnerability intelligence."

  "Fifth [sic], every company in the world that relied on CVE/NVD for vulnerability intelligence is going to experience swift and sharp pains to their vulnerability management program."

[numpad0]

All major powers have at least one each, some few for different parts of bureaucracy. Most of them are probably minimum budget operations just rsync-ing US CVD but they exist.

[ozim]

We can only hope they will get enough exposure now so they can get funding to fix stuff.