Who is behind GCVE?
People, organisations, and projects
Who is behind GCVE?
GCVE is an initiative led by CIRCL and developed with an open, collaborative community of organisations and people actively contributing to the project.
CIRCL leads the GCVE initiative, with transparent discussions, practical implementations, and community contributions shaping the work.
As mentioned in the FAQ, the GCVE initiative is led by CIRCL. The initiative grew from operational experience running vulnerability publication and lookup infrastructure, and it remains closely connected to open-source vulnerability-management work.
GCVE is not only a website or an identifier format. It is a collaborative effort where people who actively contribute to the project help define the technical direction, improve tooling, discuss Best Current Practices, and extend the ecosystem for real-world vulnerability publication use cases.
Open governance and practical expertise
GCVE Community Board
The GCVE Community Board is composed of people who contribute regularly to the GCVE initiative and provide constructive feedback, useful input, and practical expertise to help advance the field of vulnerability identification and intelligence. Its role is to support the evolution of GCVE, from Best Current Practice documents to concrete software implementations, with the objective of serving the global vulnerability intelligence community.
The board operates in an open and collaborative manner. A permanent chat room is available for ongoing discussions, coordination, and exchange of ideas. In addition, a monthly online meeting is organized to discuss important topics, review progress, and address proposals or challenges related to GCVE. The discussions and outcomes of these monthly meetings are public, ensuring transparency and encouraging broader community participation.
Members
Cédric Bonhomme
CIRCL
Alexandre Dulaunoy
CIRCL
David Durvaux
European Commission
Jerry Gamblin
Rogolabs
Jay Jacobs
Empirical Security
Eireann Leverett
Concinnity Risks
Contributors and supporters
The GCVE ecosystem is supported by organisations, standards communities, and EU co-funded projects that help sustain the work and expand it into new initiative extensions.
Initiative lead
CIRCL
The Computer Incident Response Center Luxembourg leads GCVE and contributes operational experience from vulnerability management, coordinated disclosure, and open-source tooling.
Visit CIRCL
Community support
ossbase
ossbase supports the open collaboration space around GCVE, including public discussions for BCP topics and community feedback.
Visit ossbase
Standards alignment
MISP-standard
MISP-standard helps connect GCVE work with open information-sharing standards and practical interoperability needs in the security community.
Visit MISP-standardEU co-funded extension
FETTA
FETTA supports new GCVE initiative extensions and applied work that strengthens open vulnerability publication and coordination capabilities.
EU co-funded extension
AIPITCH
AIPITCH contributes support for new GCVE initiative extensions, including work at the intersection of vulnerability information, tooling, and assisted analysis.
EU co-funded extension
NGSOTI
NGSOTI supports the broader open-source vulnerability tooling ecosystem and helps enable extensions connected to GCVE and vulnerability-lookup.
Collaborative by design
GCVE work is collaborative and led by people who actively contribute to the project. Contributions happen through implementation, data modelling, operational feedback, BCP discussions, open-source development, and participation in the GCVE community channels.
The goal is to keep GCVE practical, transparent, and useful for vulnerability publishers, consumers, coordinators, researchers, and software maintainers. The organisations listed above provide leadership, infrastructure, standards alignment, and project support, but the direction of GCVE is shaped by ongoing contributions from the people doing the work.