Used extensively across sectors — from private industry to national intelligence agencies — the CVE Program provides a standardized framework for identifying vulnerabilities and plays a central role in vulnerability management practices. It was first launched in 1999.
Funding for related programs run by the organization, such as the Common Weakness Enumeration program, will also expire tomorrow, Yosry Barsoum, who directs MITRE’s Center for Securing the Homeland, said in a statement.
The CVE Program provides a standardized system for identifying and cataloging publicly known cybersecurity vulnerabilities. Each vulnerability is assigned a unique identifier, designed to help security researchers, vendors and officials communicate consistently about the same issue. Agencies like the Cybersecurity and Infrastructure Security Agency regularly issue vulnerability alerts using CVE standardized language.
“The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource,” Barsoum said.
Rumors about the expiration in funding surfaced Tuesday when an internal memo purportedly sent to CVE board members from Barsoum made its way across social media. MITRE confirmed the legitimacy of the message to Nextgov/FCW and said it was sent to the CVE board Tuesday morning.
“If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure,” the notice warned.
The CVE Program has cata ..
Support the originator by clicking the read the rest link below.
