The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reaffirmed its strong commitment to the Common Vulnerabilities and Exposures (CVE) Program, following recent public reports that inaccurately suggested the program was in jeopardy due to funding shortages. CISA clarified that there was never a funding crisis for the CVE Program; a contract administration issue arose but was resolved before any lapse occurred, ensuring uninterrupted operation of this critical cybersecurity infrastructure. “The CVE Program is invaluable to the cyber community and a priority of CISA,” a spokesperson stated, emphasizing the agency’s dedication to sustaining and improving this vital resource. CISA’s recent actions and public statements underscore its foundational priority: maintaining and advancing the CVE Program as an indispensable asset for cybersecurity professionals and organizations worldwide. The CVE Program, managed by MITRE with CISA as its longstanding sponsor, is a cornerstone of global cybersecurity. We are proud to sponsor the CVE program; an invaluable public resource relied upon by network defenders and software developers alike. Recent concerns were sparked when MITRE, the non-profit organization responsible for operating the CVE Program, warned that its federal contract was set to expire on April 16, 2025. It provides a standardized system for identifying and cataloging publicly known software vulnerabilities, enabling network defenders, software developers, and security researchers to respond quickly and effectively to emerging threats. A critical vulnerability exists in Linux's security framework, revealing that many runtime security tools struggle to detect threats operating via the io_uring interface. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 24 Apr 2025 15:00:13 +0000