Before CISA's announcement, a group of CVE Board members announced the launch of the CVE Foundation, a non-profit organization established to secure the CVE program's independence in light of MITRE's warning that the U.S. government might not renew its contract for managing the program. MITRE maintains CVE, a widely adopted program that provides accuracy, clarity, and shared standards when discussing security vulnerabilities, with funding from the U.S. National Cyber Security Division of the U.S. Department of Homeland Security (DHS). While the CVE Foundation plans to release further information about its transition planning in the coming days, the next steps remain unclear, especially considering CISA has confirmed that funding for MITRE's contract has been extended. CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. The announcement follows a warning from MITRE Vice President Yosry Barsoum that government funding for the CVE and CWE programs was set to expire today, April 16, potentially leading to widespread disruption across the cybersecurity industry. "If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure," Barsoum said. "The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 16 Apr 2025 13:05:15 +0000