
CVE Facing Potential Save as Foundation Forms

The CVE Foundation aims to continue the work of MITRE.

The Common Vulnerabilities and Exposures (CVE) database may still have a future.

Following the announcement that the contract between MITRE and the Department of Homeland Security for maintenance of the CVE database is ending, a new organisation has been formally established to ensure the long-term viability, stability, and independence of the CVE program.

Announced in a statement, the CVE Foundation said it has been “formally established to ensure the CVE Program.” It said that, in preparation for the possibility of MITRE’s contract not being renewed, active CVE Board members have spent the past year developing a strategy to transition CVE to a dedicated, non-profit foundation.

Kent Landfield, an officer of the Foundation, said: “Cybersecurity professionals around the globe rely on CVE identifiers and data as part of their daily work—from security tools and advisories to threat intelligence and response. Without CVE, defenders are at a massive disadvantage against global cyber threats.”

Continuing Mission

The statement said the CVE Foundation “will focus solely on continuing the mission of delivering high-quality vulnerability identification and maintaining the integrity and availability of CVE data for defenders worldwide.”

It also said that the formation of the CVE Foundation marks a major step toward eliminating a single point of failure in the vulnerability management ecosystem, and ensuring the CVE Program remains a globally trusted, community-driven initiative.

“For the international cybersecurity community, this move represents an opportunity to establish governance that reflects the global nature of today’s threat landscape,” it said.


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

