Almost good news on the CVE front

Apparently the funding to MITRE that pays for maintaining the CVE (Common Vulnerabilities and Exposures) program https://www.cve.org nearly ended.

The good news is that
  • it got a last-minute 11-month extension; and,
  • a group of concerned people on the board had a non-profit ready to go if it wasn't funded.

The CVE program does a very unglamorous but essential job of bringing together security issues and numbering them. By issuing unique numbers they ensure that we can talk about one issue with one name and know that we have addressed it.

The Register reported that the program was cancelled
https://www.theregister.com/2025/04/16/homeland_security_funding_for_cve/ and then reprieved https://www.theregister.com/2025/04/16/cve_program_funding_save/

And Bruce Schneier reported the 11th-hour, 11-month reprieve
https://www.schneier.com/blog/archives/2025/04/cve-program-almost-unfunded.html

Like librarians in a library, the CVE program adds value to the collection by curating and cataloging it.

In the narrow sense, the US Government is funding the cataloging and the world benefits. In a wider sense, the database itself benefits from contributions from around the world, so others still contribute to the success of the project.

And why is this almost good news? While the reprieve is welcome, ideally the program would have more certainty. It is extremely good that the board members had a plan ready to go, but once again we move one step onto a more uncertain path.