Particle.news
Download on the App Store
8 ARTICLES
·
last wk.

Funding for Critical CVE Cybersecurity Program Expires, Leaving Future Uncertain

MITRE's contract to manage the CVE program has lapsed, prompting urgent discussions with the U.S. government as the cybersecurity industry braces for potential disruptions.

Image
Image
Image
Image

Overview

  • The U.S. government has allowed its funding for MITRE's Common Vulnerabilities and Exposures (CVE) program to expire as of April 16, 2025, with no immediate replacement or renewal confirmed.
  • MITRE confirmed that while historical CVE records remain accessible on GitHub, the assignment of new CVE identifiers has ceased, threatening global vulnerability coordination.
  • Industry leaders warn that the lapse could lead to confusion, weaken global cybersecurity operations, and disrupt critical infrastructure reliant on standardized vulnerability tracking.
  • The related Common Weakness Enumeration (CWE) program, which catalogs software and hardware weaknesses, is also affected by the funding expiration.
  • MITRE and U.S. government agencies, including DHS and CISA, are engaged in urgent discussions to restore funding and avoid prolonged operational gaps in the CVE program.