CISA Extends Support a Last Minute to CVE Program, Averting Global Cybersecurity Crisis

CISA announced an eleventh-hour contract extension with MITRE Corporation to maintain the Common Vulnerabilities and Exposures (CVE) program, narrowly avoiding a lapse in federal funding that threatened to destabilize vulnerability management worldwide.

The move came just hours before the program’s expiration deadline on April 16, 2025, preserving a system that has served as the backbone of cybersecurity coordination for over two decades.

The CVE program, established in 1999 and operated by MITRE under a contract with the U.S. Department of Homeland Security (DHS), assigns unique identifiers to publicly disclosed cybersecurity vulnerabilities.

CVE Program’s Critical Role in Cybersecurity

These identifiers, known as CVE entries, enable standardized communication across industries, governments, and security tools, forming the foundation for patch management, threat intelligence sharing, and incident response.

Without this system, organizations would face chaos in tracking and mitigating vulnerabilities, exacerbating risks to critical infrastructure, financial systems, and consumer devices.

Concerns ...