
MITRE-backed CVE program to lose funding for operations


The funding required for non-profit research organisation MITRE to maintain, operate, and improve the Common Vulnerabilities and Exposures (CVE) Program, launched in 1999, is set to expire on Wednesday, the company said. The CVE program is a system used by well-known companies such as Google, Microsoft, Apple, AMD, and Intel to identify, mitigate, and fix publicly disclosed security vulnerabilities.

The director of MITRE’s Centre for Securing the Homeland, Yosry Barsoum, said that funding for related company programs, such as the Common Weakness Enumeration program, will also expire on the same day.

The CVE program contains a database that participating organisations can use to identify and assign identification numbers (IDs) to known security flaws. The IDs are made up of the letters “CVE” followed by a year and a unique number assigned to the vulnerability. This allows cybersecurity professionals to monitor details of flaws that may affect devices and systems used daily.

A cybersecurity and privacy researcher, Lucas Olejnik, said in a post on X that the move “will effectively (at least temporarily) cripple the global cybersecurity system.” He further said that it will lead to a breakdown in coordination between vendors, analysts and defense systems, as there may be uncertainty when they are faced with the same vulnerability.

The principal security researcher at security firm Huntress, John Hammond, said that letting go of the CVE program would be like losing the “language and lingo we used to address problems in cybersecurity.” Without the system, the common catalogue currently used by several companies will be lost, leaving organisations with either different or no information on the same problem, which threat actors can further exploit.

The letter to the CVE board members was first leaked on X and Bluesky. The company receives funding from the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA).

The notice stated that the break in service is expected to have multiple impacts to CVE, including the deterioration of worldwide vulnerability advisories and databases, tool vendors, incident response operations and critical infrastructure. The CVE program has catalogued over 274,000 records and stores historical records on its GitHub repository.


Arun Maity

Arun Maity is a journalist from Kolkata who graduated from the Asian College of Journalism. He has an avid interest in music, videogames and anime. When he's not working, you can find him practicing and recording his drum covers, watching anime or playing games. You can contact him here: arunmaity23@proton.me
