CVE Program Virtually Unfunded – Schneier on Security – Digital Digest

CVE Program Virtually Unfunded

Mitre’s CVE program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security did not renew the contract. It was funded for eleven more months at the last minute.

This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities. It’s kind of crazy to think that the US government might damage its own security in this way—but I guess no crazier than any of the other ways the US is working against its own interests right now.

Sasha Romanosky, senior policy researcher at the Rand Corporation, branded the end to the CVE program as “tragic,” a sentiment echoed by many cybersecurity and CVE experts reached for comment.

“CVE naming and assignment to software packages and versions are the foundation upon which the software vulnerability ecosystem is based,” Romanosky said. “Without it, we can’t track newly discovered vulnerabilities. We can’t score their severity or predict their exploitation. And we certainly wouldn’t be able to make the best decisions regarding patching them.”

Ben Edwards, principal research scientist at Bitsight, told CSO, “My reaction is sadness and disappointment. This is a valuable resource that should absolutely be funded, and not renewing the contract is a mistake.”

He added, “I’m hopeful any interruption is brief and that if the contract fails to be renewed, other stakeholders within the ecosystem can pick up where MITRE left off. The federated framework and openness of the system make this possible, but it’ll be a rocky road if operations do need to shift to another entity.”

More similar quotes in the article.

My guess is that we’ll somehow figure out how to transition this program to continue without the US government. It’s too important to be at risk.

EDITED TO ADD: Another good article.

Posted on April 16, 2025 at 11:19 AM