Particle.news
Download on the App Store
21 ARTICLES
·
last wk.

CVE Program Secures 11-Month Funding Extension and Plans for Independent Governance

A last-minute decision by CISA ensures continued operations for the global cybersecurity database while a new nonprofit foundation aims to address long-term stability concerns.

Image
Image
Image
Image

Overview

  • CISA has executed an 11-month funding extension for the Common Vulnerabilities and Exposures (CVE) program, preventing an immediate shutdown after its federal contract expired on April 16, 2025.
  • The CVE program, managed by MITRE since 1999, is critical for global cybersecurity, providing unique identifiers for software vulnerabilities relied upon by governments, tech companies, and security researchers.
  • MITRE warned that a lapse in funding could have disrupted vulnerability tracking, national security databases, and critical infrastructure protection efforts worldwide.
  • In response to ongoing funding uncertainties, CVE Board members have launched the CVE Foundation, a nonprofit organization designed to secure the program's independence and eliminate reliance on a single government sponsor.
  • The foundation's transition planning is underway, aiming to ensure the program's long-term stability and neutrality, though specifics on its timeline and funding model remain unclear.