Behind the struggle for control of the CVE program
On April 16, less than a month after nonprofit R&D organization MITRE celebrated the 25th anniversary of the Common Vulnerability and Exposures (CVE) effort, the program narrowly escaped a sudden demise when a last-minute, 11-month contract extension averted a shutdown.
That near-miss put vulnerability experts and cybersecurity defenders on edge, most of whom still fear that this essential mechanism for detecting, tracking, and remediating software vulnerabilities could suddenly disappear overnight.
Now, “we’re still in the fragmented, visionary-picking-up-the-pieces phase here after the bomb was dropped in April, and this was the second year in a row, given that there was a bit of a funding crisis on the NVD” in 2024, Brian Fox, co-founder and CTO of Sonatype, told CyberScoop.
Read more at CyberScoop