Trump Reconsiders Cutting CVE Database

The CVE program that tracks software vulnerabilities will not lose its funding after all. The security world breathes a sigh of relief.

Mitre, the organization overseeing the well-known CVE program, will still be able to rely on funds from the US government. This was confirmed by a spokesperson for the American security organization CISA to Bleeping Computer. For a moment, things looked bleak for the program when Mitre announced that its funding would be cut off on April 16 due to a lack of government funds.

CVE, short for Common Vulnerabilities and Exposures, plays an important role in global IT security. The CVE database maintains an overview of known vulnerabilities in software tools. Each vulnerability is identified by a CVE code. Since the program’s founding in 1999, more than 275,000 vulnerabilities have been registered.

Total Chaos

The news that the program would no longer receive support from the US government, its main funder, caused unrest among security experts. Terms like ‘total chaos’ and ‘global paralysis of cybersecurity’ were used by experts on social media.

“If there were to be an interruption in service, we expect multiple consequences including a deterioration of (inter)national vulnerability databases and advisories, tool suppliers, and incident response operations for critical infrastructure,” Yosry Barsoum of Mitre told Bleeping Computer, in more measured terms.

The organization seems to have realized that it’s better to become less dependent on the US government. You never know when Donald Trump might change his mind again. Therefore, the non-profit organization CVE Foundation was established. It is less tied to the government, allowing it to raise funds elsewhere.

Many European companies also rely on the American CVE database to stay informed about vulnerabilities in software products they use. Less well-known is EUVD, the European counterpart managed by ENISA. As part of the NIS2 legislation, the European Union decided to establish its own system for tracking vulnerabilities.
