CVE Program Stays Online as CISA Backs Temporary MITRE Extension
hackread.comMITRE avoids CVE program shutdown with last-minute contract extension. Questions remain about long-term funding and the future of vulnerability tracking.
MITRE’s role in managing the CVE (Common Vulnerabilities and Exposures) program will continue, thanks to a last-minute contract extension confirmed this week. While the immediate risk of disruption has been avoided, the situation raised concerns about the long-term stability of the program and how critical infrastructure like CVE is supported going forward.
A Last-Minute Reprieve
On April 15, MITRE sent a letter to CVE Board members warning that its current contract to manage CVE and related efforts such as CWE (Common Weakness Enumeration) would expire the next day, April 16, 2025. In the letter, MITRE VP Yosry Barsoum wrote:
“If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner ...
Copyright of this story solely belongs to hackread.com . To see the full text click HERE