Mitre's CVE Program Nearly Defunded After U.S. Department of Homeland Security Fails to Renew Contract

The Mitre CVE program, which provides a common nomenclature and other information resources on cybersecurity vulnerabilities, nearly faced cancellation after the U.S. Department of Homeland Security did not renew the contract. Funding was extended by eleven months at the last minute. Sasha Romanosky, a policy researcher at Rand Corporation, described the potential end of the CVE program as "tragic," emphasizing that the CVE nomenclature and attribution are essential for tracking new vulnerabilities, assessing their severity, and making informed decisions about patches. Ben Edwards, principal research scientist at Bitsight, expressed sadness and disappointment over the situation, hoping for a swift transition if the contract is not renewed.