MITRE warns that funding for critical CVE program expires today

The program is widely adopted across various cybersecurity tools, including vulnerability management systems, and it allows tracking all newly discovered vulnerabilities using CVE Identifiers (CVE IDs) assigned by CVE Numbering Authorities (CNAs) worldwide, with MITRE as the CVE Editor and Primary CNA. CVE also helps avoid confusion caused by using multiple names for a single security flaw, enables coordinated cataloging of new vulnerabilities, and enables security teams to share information more easily through advisories, vulnerability databases, and other resources using a standard reference system. MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. Casey Ellis, founder of crowdsourced security company Bugcrowd, added, "CVE underpins a huge chunk of vulnerability management, incident response, and critical infrastructure protection efforts. CVE, the most critical of the two, is maintained by MITRE with funding from the U.S. National Cyber Security Division of the U.S. Department of Homeland Security (DHS). MITRE's troubles in keeping the CVE program funded come as NIST is also scrambling to clear a large backlog of CVEs that need enrichment for its National Vulnerability Database (NVD). According to former CISA head Jean Easterly, the immediate result would likely be the breakdown of most trusted security tools and processes and the collapse of all global coordination efforts. The government continues to make considerable efforts to continue MITRE's role in support of the program," Barsoum warned in a letter sent to CVE Board members. ​Since the letter was published online, many security experts and leaders in the cybersecurity community have expressed their angst. A sudden interruption in services has the very real potential to bubble up into a national security problem in short order.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 16 Apr 2025 06:20:11 +0000