Ddos 
In a crucial move to safeguard one of the cybersecurity community’s most foundational tools, the Cybersecurity and Infrastructure Security Agency (CISA) announced it has extended funding for the Common Vulnerabilities and Exposures (CVE) program. The last-minute intervention ensures that there will be no interruption in the operation of the 25-year-old vulnerability tracking system.
“The CVE Program is invaluable to the cyber community and a priority of CISA,” a spokesperson said in a statement. “Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience.”
This announcement comes just hours after MITRE Vice President Yosry Barsoum sounded the alarm about the program’s funding cliff, warning that both the CVE and the related Common Weakness Enumeration (CWE) programs were set to lose their financial backing on April 16. Such a lapse, Barsoum cautioned, would have far-reaching consequences for national vulnerability databases, advisory feeds, security vendors, and incident response teams.
“If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure,” Barsoum noted in a letter to CVE Board members.
The CVE program, maintained by MITRE with sponsorship from the U.S. Department of Homeland Security (DHS) and CISA, has served as the global standard for identifying and cataloging publicly known cybersecurity vulnerabilities since its inception in 1999. To date, over 274,000 CVE records have been issued, supporting threat intelligence platforms, vulnerability scanners, and patch management systems across industries.
While the funding extension has stabilized the program for now, Barsoum emphasized that ongoing support is essential: “The government continues to make considerable efforts to support MITRE’s role in the program, and MITRE remains committed to CVE as a global resource.”
This development highlights the vital nature of stable government funding for foundational cybersecurity infrastructure. As cyber threats grow increasingly complex and fast-moving, the continuity of systems like CVE and CWE remains a national and global imperative.
Related Posts:
- CVE Foundation Launched to Secure Vulnerability Tracking
- MITRE Warns of CVE Program Disruption as U.S. Contract Set to Expire
- js Expands CVE Coverage for EOL Releases Despite MITRE Rejection
- Vulnerability Overload: 40,000+ CVEs in 2024
- $20 Million Drained and Returned: Government Wallet Under Scrutiny
About The Author
