[pm]

My understanding of CVE is superficial at best. I thought it was just an acronym publicly identifying vulnerabilities; I didn't realise there was a political structure behind it all.

While the article presents good food for thought, certification isn't a practical solution to the problem at hand. This database seems like a reasonable alternative.

[freeone3000]

It is “just” that, but: How are numbers assigned? How can others find details? Who determines when these details are public? (note: full CVE details can be used to exploit critical software) If they’re not always public, who gets to see them? And who handles that dissemination? Who takes care of duplicates?

Lots of work does go into this, even if it’s “just” an identifier.