CVE Program on the Verge of Losing Funding
MITRE's CVE program, which provides essential resources for tracking cybersecurity vulnerabilities, such as standardized naming and other important information, was on the brink of being terminated after the US Department of Homeland Security neglected to extend the contract. Fortunately, it received funding for another eleven months just in time.
This situation carries significant implications. The CVE program serves as a crucial part of the common infrastructure that benefits everyone. The potential loss of this program could take us back to a time when vulnerabilities could not be universally discussed. It’s somewhat perplexing to consider that the US government might jeopardize its own security in this manner, though no more perplexing than its other current actions against its own interests.
Sasha Romanosky, a senior policy researcher at the Rand Corporation, described the cessation of the CVE program as “heartbreaking,” a sentiment shared by many cybersecurity professionals and CVE specialists consulted for comments.
“The allocation of CVE names to software packages and versions forms the bedrock on which the software vulnerability landscape is structured,” Romanosky remarked. “Deprived of this foundation, we will be unable to monitor newly identified vulnerabilities, assess their severity, or anticipate their exploitation. Moreover, we would be ill-equipped to make well-informed decisions regarding their patching.”
Ben Edwards, a principal research scientist at Bitsight, stated to CSO, “I am deeply saddened and disheartened. This is a valuable asset that should undoubtedly receive funding, and forgoing its renewal is an error.”
He added, “I remain optimistic that any interruption will be brief and that in the event the contract is not renewed, other stakeholders within the ecosystem can assume the responsibilities that MITRE is relinquishing. The federated structure and openness of the system permit this transition, but it will certainly present challenges if the operations need to be handed over to another entity.”
Additional similar quotes can be found in the referenced article.
From what I can ascertain, we will likely find a way to ensure the continuity of this program even without the involvement of the US government. Its importance is too great to be endangered.
EDITED TO ADD: Another noteworthy article.
