However, that doesn’t mean that everyone is celebrating EUVD’s arrival.
“The creation of EUVD is a mix of good and bad traits,” said Morey J. Haber, chief security advisor at security vendor BeyondTrust. “This is a complementary service that could improve response times and bridge gaps in CVE coverage,” he said, but “losing MITRE CVE as a global authority is disheartening.”
While Haber said that treating the CVE system as a “single source of truth” is no longer viable in a globalized vulnerability environment, the arrival of the EUVD “could create scoring conflicts, risk prioritization issues, and conflicts within multinational organizations attempting to remediate software flaws.”
