Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

CVE program funding secured, easing fears of repeat crisis

(MITRE Corporation)

By Cynthia Brumfield

The Cybersecurity and Infrastructure Security Agency and the MITRE Corporation have renegotiated the contract supporting the 26-year-old Common Vulnerabilities and Exposures Program in a way that eliminates the looming expiration that triggered panic across the security community in 2025.

According to sources, the program appears to have moved from a discretionary funding item to a protected line in CISA’s budget, a structural change that could prevent the kind of dramatic crisis that threatened the system last year.

For roughly a day in 2025, the program that underpins vulnerability management tools, threat intelligence platforms, and patch management systems worldwide appeared headed for an abrupt shutdown. The cybersecurity world was blindsided when MITRE disclosed that its contract with the U.S. Department of Homeland Security to operate the program was set to expire with no renewal in place.

Read more at CSO Online

Click to listen highlighted text!