GCVE launches as a decentralized system for tracking software vulnerabilities | CyberScoop<\/title> <meta name=\"description\" content=\"A European cybersecurity organization has launched a decentralized system for identifying and numbering software security vulnerabilities, introducing a fundamental shift in how the global technology community could track and manage security flaws.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/gcve-vulnerability-database-launches\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"GCVE launches as a decentralized system for tracking software vulnerabilities\"> <meta property=\"og:description\" content=\"A European cybersecurity organization has launched a decentralized system for identifying and numbering software security vulnerabilities, introducing a fundamental shift in how the global technology community could track and manage security flaws.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/gcve-vulnerability-database-launches\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-01-21T21:30:19+00:00\"> <meta property=\"article:modified_time\" content=\"2026-01-21T21:30:22+00:00\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-5.jpg\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1765909325g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1767719924g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87502\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87502\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fgcve-vulnerability-database-launches%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fgcve-vulnerability-database-launches%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87502 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/gcve-vulnerability-database-launches\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.192825112108\">\n<div class=\"single-article__header-content\" readability=\"34.162412993039\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/gcve-vulnerability-database-launches\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> The new system emerges after repeated funding crises exposed the fragility of the 25-year-old CVE program that cybersecurity defenders worldwide depend on. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87502\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-5.jpg 7952w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-5.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-5.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-5.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-5.jpg?resize=1536,1025 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-5.jpg?resize=2048,1366 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-5.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-5.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-5.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-5.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-5.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"28.848441926346\"><body readability=\"58.835195530726\"><\/p>\n<p>A European cybersecurity organization has launched a decentralized system for identifying and numbering software security vulnerabilities, introducing a fundamental shift in how the global technology community could track and manage security flaws.<\/p>\n<p>The Global CVE Allocation System, or <a href=\"https:\/\/gcve.eu\/\">GCVE<\/a>, will be maintained by The Computer Incident Response Center Luxembourg (CIRCL) as an alternative to the traditional Common Vulnerabilities and Exposures program, which <a href=\"https:\/\/cyberscoop.com\/cisa-reverses-course-extends-mitre-cve-contract\/\">narrowly avoided shutdown last April<\/a> when the Cybersecurity and Infrastructure Security Agency initially failed to renew its contract with MITRE, the nonprofit that operates the CVE system. A last-minute extension averted immediate collapse, but the near-miss exposed the 25-year-old program\u2019s dependence on a single funding source and triggered development of competing models.<\/p>\n<p>Unlike the traditional CVE system, which relies on a centralized structure for assigning vulnerability identifiers, GCVE introduces independent numbering authorities that can allocate identifiers without seeking blocks pre-allocated from a central body or adhering strictly to centrally enforced policies. Each approved numbering authority receives a unique numeric identifier that becomes part of the vulnerability identification format, allowing organizations to assign identifiers at their own pace and define their own internal policies for vulnerability identification.<\/p>\n<p>The system maintains backward compatibility with the existing CVE infrastructure through a technical accommodation. All existing and future standard CVE identifiers are represented within the GCVE system using the reserved numbering authority designation of zero. A vulnerability identified as CVE-2023-40224 in the traditional system can be represented as GCVE-0-2023-40224, allowing the new framework to coexist with established practices without disrupting existing databases and tools.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The system\u2019s emergence <a href=\"https:\/\/cyberscoop.com\/cve-program-funding-crisis-nvd-cisa-alternatives\/\">reflects broader concerns<\/a> about the CVE program\u2019s governance and sustainability. The April funding crisis occurred less than a month after MITRE celebrated the <a href=\"https:\/\/cyberscoop.com\/cve-program-history-mitre-nist-1999-2024\/\">program\u2019s 25th anniversary<\/a>, creating what several experts described as panic among cybersecurity defenders who rely on CVE identifiers as the foundation for tracking, disclosing, and remediating software vulnerabilities. The near-shutdown followed <a href=\"https:\/\/cyberscoop.com\/plan-to-resuscitate-beleaguered-vulnerability-database-draws-criticism\/\">a separate 2024 funding crisis<\/a> at the National Institute of Standards and Technology, which stopped providing critical metadata for many vulnerabilities due to budget shortfalls. In May of last year, the Department of Commerce\u2019s inspector general launched an audit of that program. The office did not respond to CyberScoop\u2019s inquiry about the audit\u2019s status. <\/p>\n<p>The GCVE system fits within the European Union\u2019s cybersecurity infrastructure, which includes the <a href=\"https:\/\/csirtsnetwork.eu\/\">EU Computer Security Incident Response Teams<\/a> network coordinated by the European Union Agency for Cybersecurity. ENISA operates the <a href=\"https:\/\/euvd.enisa.europa.eu\/\">European Union Vulnerability Database<\/a>, which relies on CIRCL\u2019s <a href=\"https:\/\/www.vulnerability-lookup.org\/\">vulnerability-lookup<\/a> software. <\/p>\n<p>Organizations seeking to become GCVE numbering authorities can apply by contacting CIRCL, with existing CVE numbering authorities and organizations meeting eligibility criteria able to provide basic organizational information similar to the format used in the numbering authority directory file. The approach allows for expansion while maintaining coordination through the central registry.<\/p>\n<p>Following last year\u2019s funding crisis, the CVE Foundation <a href=\"https:\/\/cyberscoop.com\/cve-program-funding-crisis-cve-foundation-mitre\/\">formed as a U.S.-based nonprofit<\/a> seeking to establish private-sector and multi-government funding for vulnerability tracking, with treasurer Pete Allor stating that financial backers are close to being announced and the foundation could be operational by the end of 2025. CISA published its own reform vision in September, outlining plans to expand participation, diversify funding, and improve data quality, though several experts said the agency has not reached out to organizations developing alternative systems. The Institute for Security and Technology <a href=\"https:\/\/securityandtechnology.org\/wp-content\/uploads\/2025\/10\/CVE-at-a-Crossroads.pdf\">released a separate proposal<\/a> in October calling for creation of a Global Vulnerability Catalog that would build upon the existing CVE program with expanded governance and diverse funding while maintaining U.S. government involvement.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.5790697674419\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"20.058461538462\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/android-security-update-december-2025\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"506\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-2.jpg?resize=506%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-6.jpg 7512w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-6.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-6.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-6.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-6.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-6.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-6.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-6.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-6.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-6.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-6.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\"> <\/a><figcaption class=\"screen-reader-text\"> Google\u2019s Washington, DC, regional office is seen at dusk on August 11, 2024, in Reston, VA. (Photo by J. David Ake\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"1.7783505154639\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/android-security-update-december-2025\/\"> Google addresses 107 Android vulnerabilities, including two zero-days <\/a> <\/h3>\n<p> The company\u2019s latest security update contains the second-highest number of defects patched so far this year. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/matt-kapko\/\"> Matt Kapko <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/cve-program-funding-crisis-nvd-cisa-alternatives\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"300\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-3.jpg?resize=300%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-7.jpg 5892w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-7.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-7.jpg?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-7.jpg?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-7.jpg?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-7.jpg?resize=2048,1152 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-7.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-7.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-7.jpg?resize=1500,843 1500w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"> <\/a><figcaption class=\"screen-reader-text\"> (Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/cve-program-funding-crisis-nvd-cisa-alternatives\/\"> Behind the struggle for control of the CVE program <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/cynthia-brumfield\/\"> Cynthia Brumfield <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/ai-can-help-track-an-ever-growing-body-of-vulnerabilities-cisa-official-says\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"300\" height=\"166\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities-4.jpg?resize=300%2C166&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\"> <\/a><figcaption class=\"screen-reader-text\"> From left, Tanium\u2019s Sam Kinch, GDIT\u2019s Matt Hayden, the Commerce Department\u2019s Ryan Higgins, and CISA\u2019s Chris Butera take part in a panel discussion at a GDIT event on Sept. 4, 2025 in Washington, D.C. (Scoop News Group photo) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/ai-can-help-track-an-ever-growing-body-of-vulnerabilities-cisa-official-says\/\"> AI can help track an ever-growing body of vulnerabilities, CISA official says <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/tim-starkscyberscoop-com\/\"> Tim Starks <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/gcve-vulnerability-database-launches\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GCVE launches as a decentralized system for tracking software vulnerabilities<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5837,1765,4157,78,5838,3303,1585,2390,2759],"tags":[5839,1770,4158,86,5840,3304,1589,2394,2760],"class_list":["post-8278","post","type-post","status-publish","format-standard","hentry","category-circl","category-cve","category-cve-foundation","category-cybersecurity","category-enisa","category-mitre","category-national-institute-of-standards-and-technology-nist","category-vulnerability-management","category-vulnerability-reporting","tag-circl","tag-cve","tag-cve-foundation","tag-cybersecurity","tag-enisa","tag-mitre","tag-national-institute-of-standards-and-technology-nist","tag-vulnerability-management","tag-vulnerability-reporting"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/circl\/\" rel=\"category tag\">CIRCL<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cve\/\" rel=\"category tag\">CVE<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cve-foundation\/\" rel=\"category tag\">CVE Foundation<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/enisa\/\" rel=\"category tag\">ENISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mitre\/\" rel=\"category tag\">MITRE<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-institute-of-standards-and-technology-nist\/\" rel=\"category tag\">National Institute of Standards and Technology (NIST)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-management\/\" rel=\"category tag\">Vulnerability Management<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-reporting\/\" rel=\"category tag\">vulnerability reporting<\/a>","tag_info":"vulnerability reporting","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8278","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8278"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8278\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8278,"date":"2026-01-21T15:30:19","date_gmt":"2026-01-21T21:30:19","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87502"},"modified":"2026-01-21T15:30:19","modified_gmt":"2026-01-21T21:30:19","slug":"gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/01\/21\/gcve-launches-as-a-decentralized-system-for-tracking-software-vulnerabilities\/","title":{"rendered":"GCVE launches as a decentralized system for tracking software vulnerabilities"},"content":{"rendered":"