The termination of the contract between the Department of Homeland Security (DHS) and MITRE has raised significant concerns within the cybersecurity community. Experts highlight several critical implications of this decision. First, the federated model, along with the CVE Numbering Authorities (CNAs), will no longer be able to assign identification numbers and relay information to MITRE for expeditious publication. This disruption jeopardizes the foundation on which the National Vulnerability Database (NVD) operates. The NVD is already facing severe challenges, including a backlog exceeding 30,000 vulnerabilities, compounded by the recent identification of over 80,000 cases marked as ‘deferred’, indicating they won’t be thoroughly assessed under current standards.
In addition, as Martin noted, companies that maintain their own vulnerability databases, often viewed as mere enhancements to the CVE framework, will need to seek alternative sources for intelligence. National vulnerability databases in countries like China and Russia are expected to experience significant reductions in updates, with Russia lagging more than China. Furthermore, numerous national and regional Computer Emergency Response Teams (CERTs) globally will lose access to this vital source of free vulnerability intelligence. The repercussions for businesses worldwide that depended on CVE/NVD for vulnerability management could be swift and severe, resulting in disruptions to their operations.
Reasons Behind the Contract’s Conclusion
The rationale for DHS’s abrupt decision to discontinue the contract, which has been in place for 25 years, is not entirely clear. Factors contributing to this development may include a broader trend of budget cuts initiated during the Trump administration. A specific focus has been on slashing expenditures across various government sectors, particularly within the Cybersecurity and Infrastructure Security Agency (CISA), the division responsible for funding the MITRE CVE program.
Source
www.csoonline.com