Summary: The MITRE Corporation has received a temporary extension of its contract with CISA to operate the Common Vulnerabilities and Exposures (CVE) program for an additional 11 months, alleviating concerns over potential disruptions. However, the contractβs future after this extension remains uncertain, prompting discussions about the establishment of a new non-profit organization, the CVE Foundation, to ensure the program’s sustainability. The CVE program is crucial for cyber vulnerability identification, relied upon by various sectors globally.
Affected: MITRE Corporation, CVE program, Cybersecurity and Infrastructure Security Agency (CISA)
Keypoints :
- Contract with MITRE extended for 11 months to prevent lapse in CVE services.
- Concerns arose over the program’s future reliance on U.S. government funding.
- The new CVE Foundation aims to ensure long-term viability and independence of the CVE program.
- Historical CVE records will be preserved on GitHub regardless of contract status.
- The initiative could lead to more international governance in the cybersecurity landscape.
Source: https://therecord.media/cisa-extends-cve-program-contract-with-mitre