CISA officials commit to supporting top vulnerability cataloging program

Two Cybersecurity and Infrastructure Security Agency officials committed to supporting the MITRE-backed Common Vulnerabilities and Exposures Program, just months after it faced a near complete lapse in funding.

Used extensively across sectors — from private industry to national intelligence agencies — the CVE Program provides a standardized framework for identifying computer vulnerabilities and plays a central role in vulnerability management practices. It was first launched in 1999. Agencies like CISA regularly issue alerts using CVE-standardized language.

CISA is “heavily invested” in it and will “continue to fund the CVE Program and continue to improve the CVE Program,” said Chris Butera, acting executive assistant director in CISA’s cybersecurity division, speaking to a large audience at the Black Hat cybersecurity conference in Las Vegas, Nevada, alongside Robert Costello, CISA’s chief information officer.

Read more at NextGov/FCW