CVE Foundation eyes year-end launch following 11th-hour rescue of MITRE program
“To set the record straight, there was no funding issue, but rather a contract administration issue that was resolved prior to a contract lapse,”
https://cyberscoop.com/cve-program-funding-crisis-cve-foundation-mitre/
This Week in Security: No More CVEs, 4chan, and Recall Returns - The sky is falling. Or more specifically, it was about to fall, according to the s... - https://hackaday.com/2025/04/18/this-week-in-security-no-more-cves-4chan-and-recall-returns/ #thisweekinsecurity #hackadaycolumns #securityhacks #recall #mitre #vibes #news #cves
As part of the 2022 EU NIS2 directive, the EU agency for cybersecurity (ENISA) has been setting up the EU Vulnerability Database (EUVD) at https://euvd.enisa.europa.eu/ (now in beta).
Started as a collaboration with MITRE's authoritative CVE database, EUVD may now end up replacing it, as US funding for the CVE database has stopped.
Saved at the final hour!
Security Database Used by Apple Goes Independent After Funding Cut [Updated]
https://www.macrumors.com/2025/04/16/security-database-used-apple-goes-independent/
The US Cybersecurity and Infrastructure Security Agency (CISA) has moved to secure continued operations of the Common Vulnerabilities and Exposures (CVE) programme by extending its contract with MITRE, preventing a potentially disruptive lapse in critical cybersecurity services.
https://www.computing.co.uk/news/2025/security/cisa-extends-mitre-s-bug-tracking-funding-for-now
In the very last minute, CISA extends funding to ensure 'no lapse in critical CVE services' for the next 11 months. Potential catastrophe of epic proportions averted....for now.
The CVE program narrowly avoided shutdown as #CISA stepped in to extend MITRE’s contract.
Read: https://hackread.com/cve-program-online-cisa-temporary-mitre-extension/
In a last minute change, #CISA extended its contract with #MITRE to run the #CVE Program until March 2026 but there are already multiple efforts to create alternative, international versions of the platform outside of the control of the US government
https://therecord.media/cisa-extends-cve-program-contract-with-mitre
Just as it looked like the US government was set to let funding expire for the CVE program that tracks cybersecurity vulnerabilities, the contract has been extended by 11 months. But the close call has led to the formation of a non-profit that could reduce the reliance on govt funding long-term. https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/ #CISA #CVE #MITRE #security
CVE Foundation Launched to Secure the Future of the CVE Program https://www.thecvefoundation.org/ #Mitre #cybersecurity #infosec @GossiTheDog
MITRE CVE Contract Extended Just Before Expiration https://thecyberexpress.com/mitre-cve-contract-extended-before-expiration/ #TheCyberExpressNews #TheCyberExpress #Vulnerabilities #FirewallDaily #cybersecurity #CyberNews #MITRE #CISA #CVE #NVD
U.S. government funding for the Common Vulnerabilities and Exposures program expires April 16.
The security industry is panicking over the potential loss of the #CVE program. Run by the #MITRE non-profit, the CVE database is a critical tool for tracking the status of vulnerabilities.
#CISA just announced a temporary reprieve, but the dangers are obvious. In #SBBlogwatch, we look for the opportunities.
@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/04/mitre-cve-funding-crisis-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc
Some interessting stuff happening
https://www.thecvefoundation.org replied with https://bsky.app/profile/tib3rius.bsky.social/post/3lmw4qecvv22t
Die Cybersecurity and Infrastructure Security Agency (CISA) arbeitet dringend daran, die Auswirkungen zu mildern und CVE zu erhalten, ist jedoch selbst von erheblichen Kürzungen und Chaos dank Elon Musks DOGE betroffen.
Zum Artikel: https://heise.de/-10353326?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
So...besides @mcfly, who else do I know on here that has to manage vulnerabilities for large code bases and deployments as part of their job?
It might be a bit early, seeing that Dear Leader tends to flip-flop on these kinds of unpopular decisions, but I think it might be wise to at least prepare, and organize a forum to talk about a post-MITRE world?
@chrisw +9001% @bsi täte gut daran, #MITRE-Personal und die #CVE-Datenbank zu beerben.
Die #USA versinken im #Cybersecurity Chaos - mit globalen Auswirkungen: Gestern wurde bekannt, dass die amtierende US-Regierung die Finanzierung der globalen Schwachstellendatenbank #CVE der gemeinnützigen #Mitre Corporation nicht verlängert.
Die Auswirkungen für die #Cybersicherheit wären weltweit fatal, denn durch CVE erhalten gemeldete Schwachstellen eine eindeutige Identifikationsnummer und lassen sich so zweifelsfrei zuordnen.
https://www.heise.de/news/US-Kuerzungen-CVE-Liste-koennte-sofort-stoppen-10353326.html
