In a last-minute effort to prevent the expiration of a crucial contract, the United States Cybersecurity and Infrastructure Security Agency (CISA) renewed funding for the Common Vulnerabilities and Exposures (CVE) Program. Managed by the nonprofit MITRE, this program is pivotal in global cybersecurity, offering essential data and services for digital defense. The CVE Program operates under the governance of a board that sets agendas and priorities, executed using CISA’s funding. A CISA spokesperson confirmed an 11-month extension of the contract with MITRE, emphasizing the program’s importance. However, concerns persist about the long-term sustainability of the CVE Program due to its reliance on a single government sponsor. This led some board members to propose transitioning the project into a new nonprofit entity, the CVE Foundation. While CISA’s intervention relieved immediate fears, the future remains uncertain. Experts stress the necessity of maintaining this globally consumed resource, urging a shift towards community-supported funding. The operational costs, though significant, pale in comparison to potential losses from unpatched vulnerabilities. — new from WIRED
