The Miter non -profit organization, which maintains the common database of vulnerabilities and exhibitions (CVE), said on April 15 that the financing of the United States government for its operations would expire without renewal; However, during a last -minute reversal announced on the morning of April 16, Cisa said he had prolonged support for the database. At the same time, the members of the CVE board of directors founded the CVE Foundation, a non -profit organization not affiliated with the American federal government, to maintain the CVE program.
The CVE program, which has been in place since 1999, is an essential way to report and follow vulnerabilities. Many other cybersecurity resources, such as Microsoft patch Tuesday Update and report, see CVE numbers to identify faults and fixes. The organizations called CVE numbering authorities are associated with the implementation and authorized to allocate CVE numbers.
“CVE underpins a huge part of the management of vulnerability, response to incidents and critical infrastructure protection,” wrote Casey Ellis, founder of Crowdsourced Cybersecurity Hubcrowd, in an email at TechrePublic. “A sudden interruption of services has the very real potential to get a national security problem in a short time.”
The funds had to run out of Miter without renewal
A Letter sent to the members of the board of directors of CVE started to circulate on Tuesday on social networks.
“The path of current contracts so that MITER develops, exploits and modernizes CVE and several other related programs, such as CWE, will expire,” said the letter from Yosry Barsoum, vice-president and director of the Center for Seculing the Homeland, a Miter division.
The CWE is an enumeration of common weakness, the list of hardware and software weaknesses.
“The government continues to make considerable efforts to continue the role of Miter in the support of the program,” wrote Barsoum.
Miter is traditionally funded by the Ministry of Internal Security.
Download: Protect your business with our Freada and customizable Network security policy.
Miter did not answer TechrePublic questions about the cause of expiration or what cybersecurity professionals can then expect.
The Foundation did not specify whether the reduction in financing is linked to the slaughter widespread by the Ministry of Government efficiency (DOGE).
The CVE Foundation lays the foundations for a new system in the past year
Before the CISA's announcement, an independent foundation said they were ready to intervene to continue the CVE program. The CVE Foundation is a non -profit organization dedicated to maintaining the submission program and the CVE database.
“Although we hoped that this day would not come, we were preparing for this possibility.” wrote an anonymous Representative of the CVE Foundation in a press release Wednesday. “In response, a coalition of long -standing members of the board of directors of CVE Active spent last year developing a CVE transition strategy towards a dedicated and non -profit foundation.”
The CVE Foundation plans to detail its structure, its calendar and its opportunities for participation in the future. With the CISA extending funding, the foundation may not yet be necessary – although it can be reassuring to know that its services and backups are available.
