The US Cybersecurity and Infrastructure Security Agency (CISA) has extended funding to the MITRE Corporation, ensuring continuity of critical Common Vulnerabilities and Exposures (CVE) program services. The 11-month extension avoids a potential lapse in service that could have disrupted the cybersecurity industry.
CISA stated that the CVE Program is essential to the cyber community and a top priority for the agency. The extension follows a warning from MITRE’s Vice President Yosry Barsoum, who said government funding for the CVE and CWE programs was set to expire on April 16, potentially causing widespread disruption.
The MITRE Corporation maintains the widely adopted CVE program with funding from the US National Cyber Security Division of the US Department of Homeland Security. The program provides accuracy, clarity, and shared standards when discussing security vulnerabilities.
In response to the government’s actions, MITRE expressed appreciation for the support received from the global cyber community, industry, and government over the past 24 hours. The company remains committed to the CVE and CWE programs as global resources.
Additionally, a group of CVE Board members announced the launch of the CVE Foundation, a non-profit organization aiming to secure the program’s independence. The foundation plans to transition the program away from single-government sponsorship and ensure its sustainability and neutrality.
The European Union Agency for Cybersecurity has also launched a European vulnerability database (EUVD), which adopts a multi-stakeholder approach by collecting publicly available vulnerability information from multiple sources.
Source: https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services