The US government’s funding for MITRE’s Common Vulnerabilities and Exposures (CVE) program will expire on Wednesday, the non-profit organization confirmed. The CVE program is a global standard for vulnerability identification and management, relied upon by organizations across industry, government, national security, and critical infrastructure.
Developed in 1999, the CVE program provides a standardized framework for identifying vulnerabilities and plays a central role in vulnerability management practices. It has cataloged nearly 275,000 records and stores historical data on its GitHub repository. The program’s standardized language is used by agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) to issue vulnerability alerts.
The funding lapse is expected to have significant impacts, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and critical infrastructure. CISA is also facing budget cuts across several teams, including contractors, which has raised concerns about the program’s continued support.
Lawmakers, including House Science Committee Ranking Member Zoe Lofgren and Committee on Homeland Security Ranking Member Bennie Thompson, have criticized the funding lapse as “reckless and ignorant” and warned that it will undermine global cybersecurity. A spokesperson for the Department of Homeland Security (DHS) declined to comment on the matter.
Source: https://www.nextgov.com/cybersecurity/2025/04/mitre-backed-cyber-vulnerability-program-lose-funding-wednesday/404585