Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

ENISA named CVE program root, expanding its role in EU vulnerability coordination

(Geralt / Pixabay)

By Anna Ribeiro

The European Union Agency for Cybersecurity is now officially a CVE Program Root, making ENISA a central contact point for national and EU authorities, the EU CSIRTs network, and partners operating under its mandate. The designation strengthens its role in vulnerability management and expands its responsibility for coordinating disclosures across the region.

As a CVE Numbering Authority, ENISA already assigns CVE IDs and publishes CVE Records for vulnerabilities discovered by or reported to EU CSIRTs, a role it has held since January 2024. Becoming a Root CNA builds on that work and broadens its authority within the CVE program.

The expanded role fits into the EU’s wider push to improve vulnerability coordination and management. It supports ongoing coordinated disclosure efforts across Member States, the development and operation of the EU Vulnerability Database, and ENISA’s tasks under the Cyber Resilience Act, including providing guidance to manufacturers, supporting implementation of the new cybersecurity framework, and operating the Single Reporting Platform. Together, these responsibilities strengthen the EU’s ability to manage vulnerabilities consistently and efficiently across borders.

Read more at Industrial Cyber

Click to listen highlighted text!