Its unique identifiers and open database have enabled security teams, vendors, and governments worldwide to coordinate responses to emerging cyber threats, underpinning the security of the digital ecosystem. Experts warned that any interruption could severely disrupt national vulnerability databases, security advisories, and incident response operations, leaving defenders with dangerous blind spots. As the CVE Program enters this new chapter, the Foundation’s mission is clear: to preserve the integrity, availability, and quality of vulnerability data for defenders worldwide, ensuring that the digital world remains resilient in the face of evolving threats. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The launch of the CVE Foundation marks not just the preservation of a critical resource, but a recommitment to global collaboration and innovation in cybersecurity vulnerability management. By transitioning governance to a dedicated non-profit, the Foundation seeks to eliminate the risk of a single point of failure and reflect the truly international nature of today’s threat landscape. “Cybersecurity professionals around the globe rely on CVE identifiers and data as part of their daily work from security tools and advisories to threat intelligence and response. However, this long-standing arrangement was thrown into jeopardy after MITRE confirmed that its contract with the Department of Homeland Security (DHS) would lapse at midnight on April 16, 2025, with no renewal in place. The Foundation aims to ensure that the CVE system remains a globally trusted, community-driven resource, free from reliance on a single government sponsor. In the coming days, the CVE Foundation will release further details about its organizational structure, transition planning, and opportunities for involvement from the broader cybersecurity community. The newly established CVE Foundation has been formally launched to safeguard the long-term continuity, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program. This move comes as the CVE Program, a 25-year foundational pillar of cybersecurity, faces unprecedented uncertainty following the expiration of its U.S. government contract. “CVE, as a cornerstone of the global cybersecurity ecosystem, is too important to be vulnerable itself,” said Kent Landfield, an officer of the new Foundation. For a quarter-century, the CVE Program operated by MITRE under U.S. government funding has served as the global standard for identifying, cataloging, and tracking software vulnerabilities. Security experts and vendors have widely welcomed the move, and many have pledged support and resources to ensure a smooth transition. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. Their solution: the creation of the CVE Foundation, an independent, non-profit entity dedicated solely to the stewardship of the CVE Program. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications. The announcement sent shockwaves through the cybersecurity sector, raising fears of a breakdown in vulnerability tracking and coordination.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 16 Apr 2025 09:40:11 +0000