Select your country

Not finding what you are looking for, select your country from our regional selector:

Search

The Future of Vulnerability Management: Why digital sovereignty is now a cybersecurity imperative?

Introduction

Recent developments concerning the funding of the Common Vulnerabilities and Exposures (CVE) program have reignited crucial conversations around cybersecurity independence and digital sovereignty. As cybersecurity threats escalate worldwide, these events serve as a wake-up call: governments, organizations, and security stakeholders must prioritize building autonomous, trusted frameworks for vulnerability management. 

At Orange Cyberdefense, our Cyber Threat Intelligence experts believe that sovereignty is no longer optional—it is essential to ensuring resilience, stability, and long-term security. 

The CVE Turmoil: a Tremor or an Earthquake?

For 25 years, the CVE program, managed by the U.S.-based nonprofit MITRE Corporation under the delegation of the Cybersecurity and Infrastructure Security Agency (CISA), has been the cornerstone of global vulnerability management. It provides a standardized system for identifying and tracking security flaws across digital infrastructures. 

However, when MITRE announced the impending expiration of its funding agreement for the CVE program, it sent shockwaves throughout the cybersecurity community. Although a temporary funding extension was later announced, the episode exposed the fragility of relying on a single entity—and by extension, a single nation—for such a critical function. 

This situation highlights a broader issue: the urgent need for sovereign, resilient cybersecurity frameworks, especially in regions like Europe. 

Europe’s Strategic Challenge: Reducing Dependence

Europe’s reliance on the U.S.-controlled CVE database underscores an uncomfortable truth: true cybersecurity resilience requires autonomy. Transitioning to a European-controlled system is not simply about duplicating existing data—it demands building a robust and trustworthy ecosystem capable of global collaboration. 

Key pillars for a European alternative include: 

  • Central Management Organization: A body like ENISA (European Union Agency for Cybersecurity) should coordinate operations to ensure neutrality. 

  • Network of CNAs: Europe must expand its network of CVE Numbering Authorities (CNAs), leveraging national CERTs, private partners, and research institutions. 

  • Transparent Governance: Clear, trusted rules for data handling and vulnerability validation must be established. 

  • Technical Infrastructure: A scalable, secure, and efficient platform for managing vulnerability reports is essential. 

  • Sustainable Financing: Ongoing investments from EU member states will be critical to long-term success. 

  • International Collaboration: Working with MITRE and U.S. authorities to leverage existing knowledge will help avoid fragmentation. 

The creation of the European Vulnerability Database (EUVD) by ENISA is a promising first step. However, much work remains to build the complete infrastructure Europe needs to achieve true digital sovereignty. 

Orange Cyberdefense: Building sovereignty through expertise

At Orange Cyberdefense, we have long recognized the strategic value of controlling and enriching our own cyber intelligence assets. For several decades, we have built and maintained a proprietary vulnerability database that gives us autonomy and flexibility when identifying, analyzing, and responding to threats. 

Some key figures illustrating our commitment: 

  • 270,000 resources analyzed every month, feeding our database since 2000. 

  • 5,000 monitored products, covering operating systems, network products, security software, and more. 

  • 40 global vulnerability experts within our CERT, the leading private CERT in Europe. 

  • 12,000 vulnerability alerts published in 2024. 

  • 470 advisories published by our World Watch team. 

  • 68,509 references and 1,337,797 unique results in our Vulnerability Operations Center (VOC) database. 
    (Source: Security Navigator 2025, Orange Cyberdefense) 

This independent capability, supported by advanced tools and expert analysts, strengthens the digital resilience of our customers and partners. 

Conclusion: Building the future of digital sovereignty

The uncertainty surrounding CVE funding serves as a stark reminder that cybersecurity cannot be left in the hands of a few. Europe, and the world, must invest in robust, sovereign cybersecurity infrastructures to ensure the resilience of our digital future. 

Orange Cyberdefense remains committed to supporting this transition, combining cutting-edge Cyber Threat Intelligence, vulnerability expertise, and a strategic vision rooted in digital sovereignty. 

To learn more about these critical cybersecurity issues, we invite you to watch our webinar dedicated to CVE and digital sovereignty

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.

CSIRT