Announce
The first publication of the GCVE-BCP-01 - Signature Verification of the Directory File
A Best Current Practice (BCP) in the context of the GCVE.eu project is a community-driven guideline that documents recommended procedures, configurations, or operational principles to support the secure, reliable, and consistent implementation of GCVE-related infrastructure, tools, and services. GCVE.eu has published its first Best Current Practice document, GCVE-BCP-01, which outlines the recommended method for verifying the integrity and authenticity of the GCVE directory file using OpenSSL and a public key. This BCP ensures that all consumers of the directory validate the file’s signature before use, reinforcing trust and security within the GCVE ecosystem. All implementers and users are strongly encouraged to follow the outlined verification process. The BCP is a draft for public review. Feedback is more than welcome.
April 25, 2025
GCVE - Global CVE Allocation System Announced
Introducing the Global CVE (GCVE) Allocation System (https://gcve.eu), a new decentralized approach to identifying and numbering security vulnerabilities. GCVE empowers independent GCVE Numbering Authorities (GNAs) to assign vulnerability IDs directly, offering greater autonomy and speed compared to traditional centralized methods. This system is designed to complement the existing CVE® program, ensuring seamless compatibility by representing all standard CVEs under the reserved GNA ID 0. The primary benefits of GCVE include enhanced flexibility for participating organizations to define their own processes, improved scalability by removing central bottlenecks, and decentralized allocation managed by the GNAs themselves. We invite organizations involved in vulnerability management to explore this new system and consider becoming a GNA. For more details, visit https://gcve.eu or contact info@gcve.eu.
April 16, 2025