Overview
- CISA has executed an 11-month funding extension for the Common Vulnerabilities and Exposures (CVE) program, preventing an immediate shutdown after its federal contract expired on April 16, 2025.
- The CVE program, managed by MITRE since 1999, is critical for global cybersecurity, providing unique identifiers for software vulnerabilities relied upon by governments, tech companies, and security researchers.
- MITRE warned that a lapse in funding could have disrupted vulnerability tracking, national security databases, and critical infrastructure protection efforts worldwide.
- In response to ongoing funding uncertainties, CVE Board members have launched the CVE Foundation, a nonprofit organization designed to secure the program's independence and eliminate reliance on a single government sponsor.
- The foundation's transition planning is underway, aiming to ensure the program's long-term stability and neutrality, though specifics on its timeline and funding model remain unclear.
 
  
 