Search papers, labs, and topics across Lattice.
This paper empirically analyzes the metadata of the newly introduced European Union Vulnerability Database (EUVD) to assess its content and effectiveness. The analysis reveals that vulnerabilities archived in the EUVD are generally severe and have high exploitation prediction scores, surpassing vulnerabilities coordinated by European public authorities. The study also identifies varying levels of engagement from different European authorities, highlighting Spain's activity and limited involvement from others, while noting a strong growth trend in European coordination and archiving within the EUVD.
The EU's new vulnerability database is filling up with *more* severe exploits than those flagged by individual European authorities, suggesting a shift in the landscape of coordinated cybersecurity response.
A new European Union Vulnerability Database (EUVD) was introduced via a legislative act in 2022. The paper examines empirically the meta-data content of the new EUVD. According to the results, actively exploited vulnerabilities archived to the EUVD have been rather severe, having had also high exploitation prediction scores. In both respects they have also surpassed vulnerabilities coordinated by European public authorities. Regarding the European authorities, the Spanish public authority has been particularly active. With the exceptions of Finland, Poland, and Slovakia, other authorities have not engaged thus far. Also the involvement of the European Union's own cyber security agency has been limited. These points notwithstanding, European coordination and archiving to the EUVD exhibit a strong growth trend. With these results, the paper makes an empirical contribution to the ongoing work for better understanding European cyber security governance and practice.
