The company confirmed Tuesday that government funding needed to develop, operate and maintain its flagship vulnerability cataloging program would lapse Wednesday. Used extensively across sectors — from private industry to national intelligence agencies — the CVE Program has served as the de-facto global standard for 25 years to help classify cybersecurity vulnerabilities.
In a Wednesday morning statement, a CISA spokesperson said the contract is “invaluable” to the cybersecurity community and an agency priority.
“Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience,” the spokesperson said.
The CVE Program provides a standardized system for identifying and cataloging publicly known cybersecurity vulnerabilities. Each vulnerability is assigned a unique identifier, designed to help security researchers, vendors and officials communicate consistently about the same issue. Agencies like CISA regularly issue vulnerability alerts using CVE-standardized language.
CISA’s announcement of the Tuesday night extension came just hours after a subset of the CVE Board said it plans to break off to maintain the program under a new body called the CVE Foundation.
“Since its inception, the CVE Program has operated as a U.S. government-funded initiative, with oversight and management provided under contract,” the foundation’s announcement said. “While this structure has supported the program’s growth, it has ..
Support the originator by clicking the read the rest link below.
