CVE's future secured, for now.
CISA has confirmed that the contract to manage the Common Vulnerabilities and Exposures (CVE) program has been extended.
In a statement sent to Computer Weekly, a CISA spokesperson said: “The CVE Program is invaluable to the cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience.”
A letter circulated earlier this week stating that MITRE’s contract with the Department of Homeland Security was due to expire on Wednesday.
Sylvain Cortes, VP strategy at Hackuity, said: “Although CISA has updated its plans by confirming today that it plans on funding the invaluable CVE program, the future is still uncertain.
“Questions remain if this is a long-term solution or a temporary reprieve. MITRE’s CVE programme is at the heart of how we share and interpret vulnerability intelligence.
“It isn’t just a list of vulnerability numbers; it’s an actionable system which the whole industry relies upon for enriched information on how vulnerabilities are categorised and the products they impact.
“We should also use this as an opportunity for European organisations to get vocal. EU security leaders need to step up and call for ENISA to build a European equivalent to MITRE’s CVE program and move towards an active mode of information enrichment.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.