Introducing the Robot Vulnerability Database

Hi @gbiggs,

Some level of overlap will indeed happen and is already happening. From my research, however, this is not an uncommon practice in security. In fact, the CVE List acts as an aggregator most of the time and gets its information from the National Vulnerability Database (NVD). See the following definition on the CVE List official page:

CVE is not a vulnerability database. CVE is designed to allow vulnerability databases and other capabilities to be linked together, and to facilitate the comparison of security tools and services. As such, CVE does not contain information such as risk, impact, fix information, or detailed technical information. CVE only contains the standard identifier number with status indicator, a brief description, and references to related vulnerability reports and advisories.

Following from the rationale provided above, RVD aims precisely to tackle aspects such as impact (through a proper severity mechanism for robots), information for mitigation, detailed technical information, etc.

For the reasons provided above, I would be surprised to learn that many robotic engineers are currently watching the CVE List. The CVE List is widely criticized for being weak on firmware- or hardware-related aspects. According to our research, there are many vulnerabilities that do not make it to the CVE List or the NVD. These flaws do make it, though, to Security Advisories, and security professionals do often monitor several of these.

Answering your question @gbiggs: yes, robotic engineers will need to watch more than two sources. It's our intention, however, with RVD to influence the CVE List and reduce the overall effort needed.

2 Likes

So the RVD is just following the pattern then. Sounds good.

1 Like