News U.S. Federal Funding for the CVE Program is Ending

[hannibal2003]

April 15, 2025: News has emerged that U.S. federal funding for the CVE program will end on April 16. There has been no official confirmation or denial yet.

The CVE program, which is funded by the MITRE organization, is responsible for assigning identifiers like "CVE-2024-12345" to security vulnerabilities, allowing companies and organizations to deal with the same vulnerability in a consistent manner.

The problem now is that if the funding stops, MITRE may no longer be able to maintain the same quality or even continue registering CVEs in the same way. As a temporary solution, vulnerabilities may still be published on GitHub, but the coordination and documentation would likely stop.

This could lead to a type of chaos among researchers, developers, and governments, as everyone might name vulnerabilities however they wish, making it harder to defend against attacks.

MITRE stated that it will try to continue as much as possible, but funding is essential for sustainability.

Some analysts say this situation could impact global cybersecurity and affect critical infrastructure.

Sources:

This link is hidden for visitors. Please Log in or register now.

This link is hidden for visitors. Please Log in or register now.

This link is hidden for visitors. Please Log in or register now.

 

[dEEpEst]

I think this news is quite important. The outlook could change if vulnerabilities aren't properly recorded. It would certainly be more difficult for the blue team if they don't know about the vulnerability until they're affected. On the other hand, the system can't rely on funding from one country because these things happen, at least not just one.

 

[dEEpEst]