Summary: MITRE Corporation is set to lose its stewardship of the CVE program, which catalogs public cybersecurity vulnerabilities, as the federal government has decided not to renew its contract. This decision will halt the addition of new CVEs and could significantly impact cybersecurity efforts nationwide, as the program is crucial for vulnerability identification across various sectors. Experts warn that the expiration of the contract might escalate risks to national security due to a potential disruption in vulnerability management.
Affected: MITRE Corporation, CVE Program, Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA)
Keypoints :
- MITRE’s contract for the CVE program will not be renewed after April 16, affecting the cataloging of vulnerabilities.
- The CVE program is essential for various organizations in cybersecurity and critical infrastructure.
- Experts express concern over potential national security implications due to the interruption in the CVE services.
- The expiration may lead to the deterioration of national vulnerability databases and hinder response operations.
Source: https://therecord.media/mitre-warns-of-cve-program-lapse-contract-expires