CVE Program Secures Extension Amid Funding Uncertainty
The Common Vulnerabilities and Exposures (CVE) repository is a crucial component of information security, answering essential questions about the nature and function of security issues. Established over 25 years ago, the CVE program is a cornerstone of global cybersecurity discussions and responses and is frequently referenced in key reports and analyses, including those by Ars Technica.
Recently, the CVE program faced the significant risk of closure as its contract, managed by the nonprofit MITRE under the auspices of the U.S. Department of Homeland Security (DHS), was set to expire on April 16. A letter from Yosry Barsoum, MITRE’s vice president, alerted CVE board members about the impending threat to the program’s operations.
Barsoum articulated the potential ramifications of a service interruption, which could adversely affect national vulnerability databases, advisory services, tool development vendors, incident response efforts, and various elements of critical infrastructure. “If a break in service were to occur, we anticipate multiple impacts to CVE,” he noted.
In a timely intervention, the Cybersecurity & Infrastructure Security Agency (CISA) announced that it had executed an option period on the contract to ensure the continuity of services. This decision, communicated to security platform BleepingComputer, was described as a vital step to avoid any lapse in the essential services associated with CVE. A spokesperson for CISA expressed appreciation for the patience shown by partners and stakeholders during this critical period.
Reports indicate that CISA has extended funding for the CVE program for an additional 11 months, with discussion focusing on whether the expiration time was midnight on April 15 or April 16. Uninterrupted CVE service is important given the program's foundational role in global cybersecurity.
In response to the challenges facing the program, several members of the CVE board initiated the formation of the CVE Foundation, a nonprofit aimed at securing a more stable future for the CVE program than current governmental support allows. “While we had hoped this day would not come, we have been preparing for this possibility,” stated the CVE Foundation’s press release. Kent Landfield, a foundation officer, echoed the pressing need for a robust and secure CVE program and emphasized its importance to the global cybersecurity infrastructure.
Source: arstechnica.com