Funding for the US Government for the Non-Profit Research Giant Miter for the operation and maintenance of common vulnerabilities and expositions (Cve) The program will end on Wednesday, unprecedented development, which can shake one of the main pillars of the world ecosystem cybersecurity.
The 25-year CVE program is a valuable tool for vulnerability management, which offers the actual standard for detection, definition and directory, publicly reveals security deficiencies using IDS CVE.
Josry Barsum, Vice -President Mitter and Director of the Homeland Security Center (CSH) said he financing for “development, work and modernization of CVE and related programs such as transfer of general weakness (transfer of weakness (weakness transfer (Tica)) will end. “
“When a service break occurred, we assume a lot of impacts on CVE, including deterioration of national databases and recommendations, tool suppliers, response to incidents and all critical infrastructure,” Badgeum noted In a letter sent by CVE board member.
However, Barsum noted that the government continues to “make significant efforts” to support Mitter’s role in the program, and that Miter remains committed to Cve as a global resource.
The CVE program was launched in September 1999 and managed by Miter with Sponsorship US Security Ministry (DHS) and the Cybersecurity and Infrastructure (CISA) security agencies.
In response to this step, the vulncheck cybersecurity firm, which is CVE (CNA), has announced that he actively booked 1000 Cve for 2025 to help fill the void.
“The break is likely to aggravate national vulnerability and recommendations,” Hacker News said Jason Soroka, a senior Sectigo employee.
“This gap can adversely affect the suppliers of the tools, responders to the incidents and critical infrastructure as a whole. Mitter emphasizes his constant commitment, but warns about these potential consequences if the contract’s path is not maintained.”
Tim Peck, Senior Researcher at the Securonix, told Hacker News that the gap could have great consequences for ecosystem cybersecurity, in which CNA and defenders may not be able to receive and publish CVE, which causes delays in the disclosure of vulnerability.
“In addition, the project of a common list of weakness (CWE) is vital for the classification of weakness and priority software,” Peck said. “Its stop will affect the safe practice of coding and risk assessment. The CVE program is a fundamental infrastructure. It is not just a pleasant list, it is the main resource to coordinate vulnerability, priority and responding in the private sector, government and open source.”
