MITRE warns of lapse with CVE program as contract with US set to expire
The MITRE Corporation has raised alarms regarding the potential ending of its stewardship over the CVE program, a crucial cybersecurity initiative, as its contract with the federal government is set to expire this week.
Summary
On April 16, MITRE indicated that its funding to “develop, operate, and modernize the CVE Program” could cease, leading to no new CVEs being added and the eventual shutdown of the CVE program website. This program, essential for identifying public cybersecurity vulnerabilities, is relied upon by numerous organisations globally.
Despite efforts from MITRE and the Department of Homeland Security (DHS) to continue the program, uncertainty looms as CISA (Cybersecurity and Infrastructure Security Agency) is working urgently to mitigate the impacts of this potential lapse. Experts in cybersecurity are wary that interruptions in the CVE program could escalate into serious national security issues.
Key Points
- MITRE’s contract to manage the CVE program will not be renewed, with significant implications for cybersecurity protocol.
- The CVE program, crucial for global organisations, may cease adding new vulnerabilities, risking data security.
- Discussions between MITRE and DHS are ongoing in the hope of securing a future for the CVE program.
- Industry experts describe the potential loss of the CVE resource as a national security risk.
- Historical CVE records will remain accessible on GitHub despite the program’s funding expiration.
Why should I read this?
If you care about cybersecurity — and let’s be honest, who doesn’t these days? — then you’ll want to pay attention to this. The CVE program underpins a massive amount of vulnerability management and incident response across numerous sectors. Losing this resource could hit hard and fast, so it’s a real eye-opener to stay in the loop about what might come next!