CVE program faces swift end after DHS fails to renew contract
a year ago
- #cybersecurity
- #DHS-funding
- #CVE-program
- MITRE’s Common Vulnerabilities and Exposures (CVE) program will end on April 16, 2025, after DHS did not renew its funding contract.
- Experts describe the end of the CVE program as 'tragic,' highlighting its foundational role in cybersecurity defense.
- The CVE program is crucial for tracking, scoring, and managing software vulnerabilities globally.
- MITRE will no longer update the CVE database after April 16, but historical records will remain available on GitHub.
- The termination of the contract raises concerns about the future of vulnerability management and the potential emergence of a private sector alternative.
- CISA is working to mitigate the impact of the contract lapse and maintain CVE services for global stakeholders.