CVE program faces swift end after DHS fails to renew contract, leaving security flaw tracking in limbo

MITRE’s CVE program is a foundational pillar of the global cybersecurity ecosystem and is the de facto standard for identifying vulnerabilities and guiding defenders’ vulnerability management programs. It provides foundational data to vendor products across vulnerability management, cyber threat intelligence, security information, event management, and endpoint detection and response.

Although the National Institute of Standards and Technology (NIST) enriches the MITRE CVE records with additional information through its National Vulnerability Database (NVD), and CISA has helped enrich MITRE’s CVE records with its “vulnrichment” program due to funding shortfalls in the NVD program, MITRE is the originator of the CVE records and serves at the primary source for identifying security flaws.

Read more at CSO