CyberSecurity news

FlagThis

@www.nextgov.com //

CVE Program's Funding Crisis Spurs Call for Collaboration

Original img attribution: https://cdn.nextgov.com/media/img/cd/2025/04/15/041525vulnerabilitiesNG/open-graph.jpg
ImgSrc: cdn.nextgov.com

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • : MITRE CVE Program in Jeopardy
  • Tony Bradley: Cybersecurity World On Edge As CVE Program Prepares To Go Dark
  • Lukasz Olejnik: By cutting what amounts to penny costs, the Trump administration will effectively (temporarily) cripple the global cybersecurity system — CVE. It is a global system for identifying and tracking vulnerabilities that has served as a common language for companies, governments, and researchers worldwide since 1999. The consequence will be a breakdown in coordination between vendors, analysts, and defense systems — no one will be certain they are referring to the same vulnerability. Total chaos.
  • RootWyrm ??:progress:: people, THIS is big and you need it in front of management RIGHT NOW. MITRE has informed the CVE board members that effective TONIGHT, funding to run CVE and CWE is effectively gone. The US federal government contracts MITRE to run these programs including both management, operations, and infrastructure. This not only could but almost certainly will result in disruptions to CVE and CWE including a halt of all operations if new contracts/funding are not secured.
  • Lukasz Olejnik: Farewell, CVE? What's next for cybersecurity?
  • bsky.app: By cutting what amounts to penny costs, the Trump administration will effectively (at least temporarily) cripple the global cybersecurity system — CVE.
  • Tenable Blog: MITRE CVE Program Funding Set To Expire
  • Jon Greig: CISA confirmed on Wednesday evening that will no longer be running the program as of tomorrow It is unclear whether they will find a new vendor or try to run it themselves.
  • www.csoonline.com: In a stunning development that demolishes a cornerstone of cybersecurity defense, nonprofit R&D organization MITRE said that its contract with the Department of Homeland Security (DHS) to maintain the Common Vulnerabilities and Exposures (CVE) database, which organizes computer vulnerabilities, will expire at midnight on April 16.
  • The Register - Security: Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program
  • securityonline.info: MITRE Warns of CVE Program Disruption as U.S. Contract Set to Expire
  • PCMag UK security: Nonprofit That Tracks Software Flaws in Jeopardy Following Funding Cuts
  • Metacurity: Here's my piece on the ending of the CVE contract. "Sasha Romanosky, senior policy researcher at the Rand Corporation, branded the end to the CVE program as 'tragic,' a sentiment echoed by many cybersecurity and CVE experts reached for comment."
  • x.com: Post discussing MITRE support for the CVE program expiring
  • www.cyberdefensemagazine.com: MITRE CVE Program in Jeopardy
  • securityboulevard.com: MITRE CVE Program Funding Set To Expire
  • securityonline.info: MITRE Warns of CVE Program Disruption as U.S. Contract Set to Expire
  • The Hacker News: U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert
  • Secure Bulletin: MITRE Signals Critical Risk to CVE Program as Federal Funding Expires
  • www.scworld.com: MITRE support expires for 'pillar of cybersecurity industry,' CVE program
  • cybersecuritynews.com: MITRE’s Support for CVE Program Expired Today! – Internal Letter Leaked Online, “MITRE Confirmedâ€
  • Risky Business Media: Risky Bulletin: MITRE says funding risk could disrupt CVE database
  • Sergiu Gatlan: This comes after MITRE Vice President Yosry Barsoum warned on Tuesday that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today.
  • The Last Watchdog: MY TAKE: The CVE program crisis isn’t over — it’s a wake-up call for cybersecurity’s supply chain
  • Schneier on Security: Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to , as the US Department of Homeland Security failed to renew the contact.
  • industrialcyber.co: US CISA extends MITRE CVE, CWE programs with last-minute contract extension, prevents shutdown
  • PCMag UK security: 11th-Hour Funding Saves Program That Tracks Software Vulnerabilities
  • Industrial Cyber: MITRE warns of potential cybersecurity disruptions as US government funding for CVE, CWE programs set to expire
  • hackread.com: CVE Program Stays Online as CISA Backs Temporary MITRE Extension
  • industrialcyber.co: Non-profit organization MITRE has informed that federal government funding for the Common Vulnerabilities and Exposures (CVE) and Common...
  • securebulletin.com: The cybersecurity world faces a significant challenge as the Common Vulnerabilities and Exposures (CVE) program, a cornerstone of global vulnerability management, risks disruption due to expiring federal funding.
  • Security Risk Advisors: Funding for MITRE’s CVE Program Set to Expire, Global Vulnerability Tracking at Risk
  • The DefendOps Diaries: CISA extends funding for CVE program, boosting global cybersecurity collaboration and threat management.
  • www.lastwatchdog.com: MY TAKE: The CVE program crisis isn’t over — it’s a wake-up call for cybersecurity’s supply chain
  • Filippo Valsorda :go:: Joke aside, I hope the CNAs (CVE Numbering Authorities) can find a way to coordinate and publish entries, which is 90% (or maybe 120%, since vuln “enrichment†is often so wildly off) of the value of the system. Without Mitre, there will be a lack of a CNA of last resort, though.
  • techhq.com: US government stops support for CVE oversight
  • Tenable Blog: Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal
  • The Register - Security: In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) program.
  • www.bleepingcomputer.com: CISA restores CVE funding
  • www.esecurityplanet.com: The U.S. extends CVE program funding hours before expiration, averting a crisis and prompting moves toward a more sustainable, community-led future.
  • Security Risk Advisors: UPDATE: Critical CVE Program Receives 11-Month Funding Extension, Averting Disruption in Critical CVE Program
  • Emil Sayegh: The near-shutdown of MITRE’s CVE program revealed a global cybersecurity blind spot. What went wrong here and why the world must share the burden.
  • WIRED: This article discusses the global cybersecurity system for identifying and tracking security bugs, emphasizing how the recent reduction in funding for the CVE program highlights a global cybersecurity blind spot. The article points out the need for international collaboration and community-driven solutions for vulnerability intelligence.
  • aboutdfir.com: CISA extends funding to ensure ‘no lapse in critical CVE services’
  • Matthew Rosenquist: I am very glad that the Common Vulnerabilities and Exposures (CVE) program was re-funded by the US Government, specifically CISA (Cybersecurity and Infrastructure Security Agency)
  • krebsonsecurity.com: Funding Expires for Key Cyber Vulnerability Database
  • sysdig.com: CVE wake-up call: What’s ahead after the MITRE funding fiasco
  • www.zdnet.com: Why the CVE database for tracking security flaws nearly went dark - and what happens next
  • hackread.com: CVE Program Stays Online as CISA Backs Temporary MITRE Extension
Classification: