Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: Cybersecurity World On Edge As CVE Program Prepares To Go Dark

Link: https://it.slashdot.org/story/25/04/16/005023...

The CVE and CWE programs are at risk of shutdown as MITRE's DHS contract
expires on April 16, 2025, with no confirmed renewal. Without continued
funding, the ability to standardize, track, and respond to software
vulnerabilities could collapse, leaving the cybersecurity community
scrambling in a fragmented and dangerously opaque environment. Forbes
reports: "Failure to renew MITRE's contract for the CVE program, seemingly
set to expire on April 16, 2025, risks significant disruption," said Jason
Soroko, Senior Fellow at Sectigo. "A service break would likely degrade
national vulnerability databases and advisories. This lapse could negatively
affect tool vendors, incident response operations, and critical
infrastructure broadly. MITRE emphasizes its continued commitment but warns
of these potential impacts if the contracting pathway is not maintained."
MITRE has indicated that historical CVE records will remain accessible via
GitHub, but without continued funding, the operational side of the program --
including assignment of new CVEs -- will effectively go dark. That's not a
minor inconvenience. It could upend how the global cybersecurity community
identifies, communicates, and responds to new threats. [...] MITRE has said
that discussions with the U.S. government are active and that it remains
committed to the CVE mission. But with the expiration date looming, time is
running short -- and the consequences of even a temporary gap are severe.

Read more of this story at Slashdot.

---
VRSS v2.1.180528