Funding is nearing its end for the Common Vulnerabilities and Exposures (CVE) program, a critical initiative used by large tech companies such as Microsoft, Google, Apple, Intel, and AMD to identify and manage publicly disclosed cybersecurity weaknesses. This system plays an essential role for engineers, helping them assess the severity of various exploits and prioritize the implementation of patches and mitigation strategies.
MITRE, the federally supported organization responsible for overseeing the CVE program, has notified The Verge that its contract to “develop, operate, and modernize” the CVE will conclude on April 16th.
Since its inception in 1999, the CVE program has served as a repository where participating entities can assign unique identifiers to recognized cybersecurity threats. Each identifier consists of “CVE” followed by the year and a specific number, like CVE-2022-27254. This system enables security professionals to keep track of vulnerabilities that could impact everyday devices and critical information systems.
Security and privacy researcher Lukasz Olejnik expressed concerns on X, stating that diminished support for the CVE program could severely disrupt global cybersecurity efforts. He indicated that the fallout may not only lead to a lack of coordination among various vendors and analysts but could also result in widespread confusion regarding vulnerabilities. “Total chaos, and a sudden weakening of cybersecurity across the board,” he cautioned.
In response to these developments, Yosry Barsoum, MITRE’s vice president and director at the Center for Securing the Homeland, offered reassurance that the government is committed to supporting MITRE’s ongoing involvement in the CVE initiative. He emphasized that changes might also impact the Common Weakness Enumeration program, which focuses on cataloging software and hardware weaknesses, highlighting the interconnected nature of these cybersecurity initiatives.
The situation came to light following a leaked communication to members of the CVE board shared on platforms like X and Bluesky. MITRE receives funding from the US Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) to operate and enhance the CVE program as an independent and impartial entity, as outlined in a video detailing the program.
Source: www.theverge.com