INSUBCONTINENT EXCLUSIVE:
The Common Vulnerability and Exposures, or CVE, repository holds the answers to some of information security's most vital questions
Namely, which security issue are we talking about, exactly, and how does it work?The 25-year-old CVE program, an essential part of global
cybersecurity, is cited in nearly any discussion or response to a computer security issue, including Ars posts
CVE was at real risk of closure after its contract was set to expire on April 16
The nonprofit MITRE runs CVE and related programs (like Common Weakness Enumeration, or CWE) on a contract with the US Department of
A letter to CVE board members sent Tuesday by Yosry Barsoum, vice president of MITRE, gave notice of the potential halt to operations."If a
break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and
advisories, tool vendors, incident response operations, and all manner of critical infrastructure," Barsoum wrote.Late Tuesday, the
Cybersecurity - Infrastructure Security Agency (CISA) "executed the option period on the contract" to ensure a continuation of services,
CISA told security site BleepingComputer
"We appreciate our partners' and stakeholders' patience," a CISA spokesperson was quoted as saying.Nextgov reports that CISA's extension is
News reports have cited midnight on either April 15 or 16 as the potential time when CVE funding would expire.The potential loss of crucial
infrastructure for global cybersecurity led some CVE board members to launch the CVE Foundation, a nonprofit pledged to ensure a more secure
future for the CVE program than the US government can provide at the moment
"While we had hoped this day would not come, we have been preparing for this possibility," the group's press release said
Foundation, said in the release.
