CISA Extend Funding to MITRE to Keep CVE Program Running

The Cybersecurity and Infrastructure Security Agency (CISA) has extended funding to the MITRE Corporation, ensuring the continued operation of the Common Vulnerabilities and Exposures (CVE) program, a linchpin of global cybersecurity.

Announced late on April 15, 2025, just hours before the program’s funding was set to expire, the 11-month extension averts a crisis that could have disrupted vulnerability tracking worldwide.

Since 1999, MITRE has managed the CVE program, which catalogs and tracks cybersecurity vulnerabilities, providing a standardized framework for governments, industries, and researchers. With over 274,000 records, the CVE database is critical for vulnerability management, incident response, and protecting critical infrastructure.

The program assigns unique CVE Identifiers (CVE IDs) through over 400 CVE Numbering Authorities (CNAs), including tech giants like Microsoft and Google, enabling coordinated disclosure of software and hardware flaws.

On April 15, MITRE’s Yosry Barsoum warned that the Department of Homeland Security (DHS) contract funding ...