Possible National Security Crisis Averted: CISA’s Reversal Expends Support for Cve Database
The Nonprofit Organization Mitre, which maintains the Common Vulnerabilites and Exposures (Cve) Database, Said on April 15 that the Us Government Funding for its Operations will expire; However, in a last-minute revered the morning the morning of april 16, Cisa said it has extended support for the databaseAt the same time, cve board members have founded the cve foundation, a nonprofit not affiliated with the us federal government, to maintaain the cve program.
The Cve Program, which has been in place since 1999, is an essential way to report and track vulnerabilites. Many other cybersecurity Resources, Such as Microsoft’s Patch Tuesday Update and Report, Refer to Cve Numbers to Identtify Flaws and Fixes. Organizations Called Cve Numbering Authorities are associated with mitre and authorized to assign cve numbers.
“Cve underpins a huge chunk of vulnerability management, insurance response, and critical infrastructure protection efforts,” Wrote Casey Ellis, Founder of Crovercurcecurity HUB Bugcrowd, in an email to techrepublic. “A Sudden Interruption in services has the very real potential to bubble up into a national security problem in short order.”
Funds were expected to run out on mitre without renewal
A Letter Sent to cve Board Members Began Circulating on Social Media on Tuesday.
“Current Contracting Pathway for Mitre to Develop, Operate, And Modernize Cve and Several other related programs, such as cwe, will expert,” said the letter from Yosry Barside and Director of the Center for Securing The House, A Division of Mitre.
CWE is Common Weakness Enumeration, The List of Hardware and Software Weaknesses.
“The government continues to make considerable efforts to continue mitre’s role in support of the program,” Barsoum Wrote.
Mitre is traded by the department of homeland security.
Download: Protect your company with our premade and customizable network security policy.
Mitre did not respond to techrepublic’s questions about the cause of the expiration or what cybersecurity professionals can expect next.
The foundation has not specified wheether the cut in funding is related to the widespread coul by the department of government efficiency (dog).
Cve foundation has been laying the ground for a new system for the past year
Prior to Cisa’s Announcement, An Independent Foundation said they were prepared to step in to continue the cve program. The cve foundation is a nonprofit dedicated to maintenance the cve Submission Program and Database.
“While we had hoped this day would not come, we have been prepaering for this possibility.” Wrote an anonymous Cve foundation representative in a press release on Wednsday. “In Response, A Coalition of Longtime, Active Cve Board Members have spent the past year development a strategy to transition cve to a dedicated, non-protrofit foundation.”
The Cve Foundation Plans to Detail Its Structure, Timeline, and Opportunities for Involvement in the future. With Cisa Extending Funding, The Foundation May Not Be Needed Yet – Although it may be ressuring to know its services and backups are available.
