The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed it has extended MITRE’s funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs, avoiding any disruption. The extension covers 11 months, ensuring continuity after urgent warnings that expiration could destabilize vulnerability management across industries. Meanwhile, members of the CVE Board have announced the creation of the CVE Foundation, aiming to secure the program’s independence and sustainability beyond U.S. government control.
Expert Analysis:
This rapid intervention shows a strong awareness of how critical CVE has become to global cybersecurity stability. CISA’s decision to maintain funding underlines the recognition that vulnerability coordination is a strategic national and international asset.
The creation of the CVE Foundation is a necessary evolution, ensuring that the management of vulnerability standards remains neutral, community-driven, and resilient. Today’s actions preserve operational security, but long-term independence will be the real safeguard against future political or budgetary disruptions.
Read the full article here.
