The cybersecurity community is on high alert following the announcement of the potential shutdown of the Common Vulnerabilities and Exposures (CVE) program, previously managed by Mitre. With funding set to expire, there are fears of significant disruptions to global cybersecurity efforts. In response to this crisis, a coalition of CVE board members has launched the CVE Foundation, a new non-profit organization aimed at securing the future of the CVE program. However, the details of the foundation’s funding and structure remain unclear.
Mitre, which has overseen the CVE program since its inception in 1999, issued a warning that the lack of a renewed government contract could lead to the collapse of critical cybersecurity services, including national vulnerability databases, advisories, and incident response operations. The CVE program has become essential in identifying, defining, and cataloging cybersecurity vulnerabilities, playing a pivotal role in guiding enterprise vulnerability management and enhancing national security.
Experts warn that any disruption to the CVE program could lead to increased business risks, security incidents, and higher compliance costs. Despite the challenges, the newly formed CVE Foundation plans to release further details about its structure and transition plans in the coming days.
Meanwhile, the cybersecurity community continues to rely on CVEs for vulnerability coordination and prioritization. With published CVEs increasing by 40% from 2023 to 2024, the demand for quick action remains high, especially as many of these vulnerabilities are already being exploited in the wild. If the CVE Foundation successfully gets up and running, it may also seek to continue the Common Weakness Enumeration Project, vital for software security.