> That's not the case with the CVE database under its current ownership. There's no established way to namespace it, no obvious way to split it up and keep it all working.
Work on supply chain security has lead to the introduction of standardized SBOMs, as an artifact required by some large customers to accompany software binaries. It should be possible to associate each software binary CVE with a vendor SBOM and organization country code. Large multinationals might have geo-specific binaries to confirm with regional regulations like the EU CRA.
Work on supply chain security has lead to the introduction of standardized SBOMs, as an artifact required by some large customers to accompany software binaries. It should be possible to associate each software binary CVE with a vendor SBOM and organization country code. Large multinationals might have geo-specific binaries to confirm with regional regulations like the EU CRA.