- Регистрация
- 17 Февраль 2018
- Сообщения
- 36 064
- Лучшие ответы
- 0
- Баллы
- 2 093
Offline
The government will continue funding the Common Vulnerabilities and Exposures (CVE) program. In a statement to The Verge, US Cybersecurity and Infrastructure Agency (CISA) spokesperson Jared Auchey said it “executed the option period on the contract to ensure there will be no lapse in critical CVE services” last night.
On Tuesday, MITRE, the government-funded organization behind the CVE program, warned that its contract to continue managing the system was set to expire on April 16th. The CVE program is used by major companies like Microsoft, Apple, Google, and Intel to identify and track cybersecurity vulnerabilities around the globe.
In response, CVE board members announced an initiative to make the program a nonprofit foundation, saying it will “focus solely on continuing the mission of delivering high-quality vulnerability identification and maintaining the integrity and availability of CVE data for defenders worldwide.”
The CVE Foundation said it would share more details “over the coming days,” but it’s not clear whether it will continue now that the government has renewed its contract with MITRE. Though CISA doesn’t say why it waited so long to extend its contract, the last-minute renewal comes as DOGE continues to slash funding and cut jobs throughout the federal government.
“The CVE Program is invaluable to the cyber community and a priority of CISA,” Auchey said. “We appreciate our partners’ and stakeholders’ patience.”
