CVE program gets last-minute funding from CISA – and maybe a new home

In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) program.

This comes after the Feds decided not to renew their long-standing contract with nonprofit research hub MITRE to operate the CVE database. That arrangement was due to expire today, but now the money's coming through to continue the crucial service.

"The CVE program is invaluable to the cyber community and a priority of CISA," a spokesperson for the US Cybersecurity and Infrastructure Security Agency, aka CISA, told The Register Wednesday.

"Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience."

Also in response to long-standing concerns and fresh uncertainty triggered by MITRE yesterday disclosing that federal support was about to end, CVE board members today announced the formation of ...