CISA Extends CVE Program Contract with MITRE for 11 Months Amid Alarm Over Potential Lapse
The MITRE Corporation has secured an 11-month extension to operate the CVE program, ensuring it continues to provide vital services to the cybersecurity community. This decision comes as federal officials from the Cybersecurity and Infrastructure Security Agency (CISA) confirmed the extension following widespread concerns about a possible gap in the programme’s funding and operations.
Key Points
- The contract, originally valued at $57.8 million, was set to expire, prompting concerns over continuity in CVE services.
- CISA expressed confidence in MITRE’s role, calling the CVE program an “invaluable” resource.
- Without renewed funding, new Common Vulnerabilities and Exposures (CVEs) would halt, risking the integrity of the cybersecurity landscape.
- A coalition of CVE Board members announced the establishment of the CVE Foundation to ensure the programme’s long-term stability and independence from government funding.
- The CVE Foundation aims to transition the program to a non-profit model, addressing sustainability concerns and promoting international governance.
Why should I read this?
If you’re even slightly invested in cybersecurity—or just want to know what’s happening behind the scenes—this article is a must-read. It dives into the critical CVE program’s future and the establishment of a new foundation that could change the landscape of vulnerability management. Don’t miss out on understanding how these developments could impact your security strategy down the line!
Source: CISA Extends CVE Program Contract with MITRE for 11 Months Amid Alarm Over Potential Lapse