Summary: The impending expiration of U.S. government funding for MITRE’s Common Vulnerabilities and Exposures (CVE) program poses significant threats to the cybersecurity ecosystem, potentially resulting in the deterioration of national vulnerability databases and response operations. The program, which has categorized over 274,000 security flaws over 25 years, is crucial for vulnerability management and coordination across various sectors. Experts warn that a service break could impact the ability of organizations to efficiently manage and disclose vulnerabilities.
Affected: MITRE, U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), cybersecurity tool vendors, incident response operations, critical infrastructure
Keypoints :
- The CVE program, launched in 1999, is essential for identifying and cataloging security vulnerabilities.
- Experts warn that lapses in funding could lead to delays in vulnerability disclosures and hinder secure coding practices.
- VulnCheck has proactively reserved CVEs for 2025 to mitigate potential disruptions caused by the funding expiration.
- MITRE has assured its commitment to the CVE program despite the funding challenges, stressing the need for ongoing support.
Source: https://thehackernews.com/2025/04/us-govt-funding-for-mitres-cve-ends.html