Credit: Robert Triggs / Android Authority
- The US government has stopped funding the Common Vulnerabilities and Exposures (CVE) database, a standardized global system for identifying and tracking software vulnerabilities across platforms and devices, including Android.
- Without CVEs, Google’s monthly Android security bulletins may face delays, confusion, or reduced transparency.
- It’s unclear who, if anyone, will step in to maintain or replace the CVE system.
Update, April 16, 2025 (11:01 AM ET): For a moment there it looked like malware authors were about to have a field day, but it now seems that the CVE program has found a last-minute reprieve — on multiple fronts, as well.