CVEs, CWEs and SBOMs: basics for modern vulnerability management

In an increasingly digitalized world, software is becoming more and more complex. Applications consist of numerous libraries and dependencies that can harbor security risks. The Cyber Resilience Act (CRA) requires companies to make their entire software supply chain transparent and secure. SBOMs, CVEs and CWEs form the basis for modern vulnerability management, but how is […]
CRACoWi Plenary in Maribor with erminas

We were in Maribor – with 13 partners, a common goal and a lot of concrete work on the CRA Compliance Wizard. From September 30 to October 1, 2025, we met with our partners from the CRACoWi consortium in Maribor (Slovenia) for the second plenary meeting. The focus: how to turn the Cyber Resilience Act […]
From Dependence to EUVD: Why Europe Must Rely on Its Own Vulnerability Databases

In April 2025, the IT security world was on the brink of chaos: the US government's funding of the CVE program was not extended as expected. Only at the last minute did the US agency CISA step in and prevent a standstill. But the uncertainty remains. This event has once again made clear how fragile the global security infrastructure is when it rests on a […]