- Yesterday the organization operating the Common Vulnerabilities and Exposures database (CVE) announced that government funding was about to end.
- The US Cybersecurity and Infrastructure Security Agency (CISA) has now stepped up to extend its option to finance the program.
- The CVE Board has also shared that it’s forming a new CVE Foundation to ensure long-term stability.
The United States government has found itself on bit of a cancelation spree as of late, terminating critical programs with all the subtlety and care of a bull in a china shop. Late yesterday, we got word that the Common Vulnerabilities and Exposures database (CVE) was about to lose its funding. Considering how critical a role the CVE plays in naming and tracking the sort of security vulnerabilities that malware is always looking to exploit, this felt like a huge, unacceptable risk for the tech industry as a whole. Luckily, it now looks like we don’t have anything to (immediately) worry about.
The MITRE Corporation has been under contract to manage the CVE program, but yesterday shared that funding to continue that work was being shut off as of today. Understandably, we were a little concerned about this development.