Updates from the #CVEFoundation

Representatives from the CVE Foundation met with representatives from CISA on 4/24/2025. The talks were positive and encouraging. All parties wish to keep the conversation and progress moving forward.

https://www.thecvefoundation.org/news

DOGE, CISA, Mitre und CVE https://www.cert.at/de/blog/2025/4/doge-cisa-mitre-und-cve

#CVE fallout: The splintering of the standard #vulnerability tracking system has begun
Earlier this week, CVE program faced doom as the #US #government discontinued funding for #MITRE, the non-profit that operates the program. Uncle Sam U-turned at the very last minute.
Meanwhile, the #EU is rolling its own. #EuropeanUnion Agency for #Cybersecurity (#ENISA) developed and maintains this alternative, which is known as the #EUVD, or the European Union Vulnerability Database.
https://www.theregister.com/2025/04/18/splintering_cve_bug_tracking/

Saved at the final hour!

Security Database Used by Apple Goes Independent After Funding Cut [Updated]

https://www.macrumors.com/2025/04/16/security-database-used-apple-goes-independent/

The US Cybersecurity and Infrastructure Security Agency (CISA) has moved to secure continued operations of the Common Vulnerabilities and Exposures (CVE) programme by extending its contract with MITRE, preventing a potentially disruptive lapse in critical cybersecurity services.

https://www.computing.co.uk/news/2025/security/cisa-extends-mitre-s-bug-tracking-funding-for-now

CVE Database Saved: Critical Cybersecurity Resource Gets 11-Month Extension

#CVE #CyberSecurity #CISA #VulnerabilityManagement #InfoSec #CyberThreats #MITRE #CVEExtension #CyberDefense #TechNews #CVEProgram #CWE #SecurityUpdate #CyberCommunity #DataProtection

Read Full Article :-
https://www.techi.com/us-extrends-support-save-mitre-cve-database/

Nach dem gestrigen Schock und der drohenden CVE-Abschaltung hat die US-Regierung die Finanzierungsvereinbarung mit der #MITRE Corporation im so ziemlich letzten Moment verlängert.

Im Nachgang an den gestrigen Tag ergeben sich durchaus Parallelen zur bisherigen Trump'schen Salamitaktik in Fragen der nationalen Digitalregulierung mit außenpolitischer Relevanz.

Viel deutlicher als gestern konnte der Weckruf für die EU wohl nicht sein, eigene Wege zu finden und zu gehen.

https://www.heise.de/news/Nach-drohendem-CVE-Aus-Schwachstellendatenbank-der-EU-geht-an-den-Start-10354324.html

#CVE-Aus abgewendet, #Schwachstellendatenbank der #EU geht an den Start

"Entscheidung in letzter Minute - offenbar geht der Vertrag zwischen #CISA und #MITRE in die Verlängerung. Mehrere Initiativen präsentieren derweil Alternativen.

Die US-Cybersicherheitsbehörde CISA hat den Vertrag mit der MITRE Corporation, Betreiberin der CVE-Datenbank, offenbar in allerletzter Sekunde verlängert..."
https://www.heise.de/news/Nach-drohendem-CVE-Aus-Schwachstellendatenbank-der-EU-geht-an-den-Start-10354324.html

The CVE program narrowly avoided shutdown as #CISA stepped in to extend MITRE’s contract.

Read: https://hackread.com/cve-program-online-cisa-temporary-mitre-extension/

LOL what a shithshow

#kakistocracy #doge #mitre #cybersecurity

https://www.reuters.com/world/us/us-agency-extends-support-last-minute-cyber-vulnerability-database-2025-04-16/

Previously: https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/

In a last minute change, #CISA extended its contract with #MITRE to run the #CVE Program until March 2026 but there are already multiple efforts to create alternative, international versions of the platform outside of the control of the US government

https://therecord.media/cisa-extends-cve-program-contract-with-mitre

Yhdysvallat teki päätöksen, joka vaarantaa koko maailman tietoturvan

Yhdysvaltain rahoitus maailmanlaajuiselle tietoturva-aukkojen ja haavoittuvuuksien tietokannalle CVE:lle katkeaa tänään. CVE on kriittinen palanen tietoturvan kannalta, koska se on ainoa taho, josta löytyvät keskitetysti kaikki tiedetyt haavoittuvuudet, niiden tila ja niiden riskitaso.

https://dawn.fi/uutiset/2025/04/16/yhdysvallat-lakkautti-cve-rahoituksen

https://euvd.enisa.europa.eu/

In light of the current MITRE/CISA clown show, here is the European Vulnerabilities database.

Because I’ll take “in beta” over “in the US” any day of the week.

Just as it looked like the US government was set to let funding expire for the CVE program that tracks cybersecurity vulnerabilities, the contract has been extended by 11 months. But the close call has led to the formation of a non-profit that could reduce the reliance on govt funding long-term. https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/ #CISA #CVE #MITRE #security

Tech Radar: Funding for the critical CVE security detection system renewed just hours before deadline https://www.techradar.com/pro/security/funding-for-the-critical-cve-security-detection-system-renewed-just-hours-before-deadline @TechRadar #mitre #cybersecurity #infosec

MITRE CVE Contract Extended Just Before Expiration https://thecyberexpress.com/mitre-cve-contract-extended-before-expiration/ #TheCyberExpressNews #TheCyberExpress #Vulnerabilities #FirewallDaily #cybersecurity #CyberNews #MITRE #CISA #CVE #NVD

CVE foundation coming in like
#CVE #MITRE

U.S. government funding for the Common Vulnerabilities and Exposures program expires April 16.

The security industry is panicking over the potential loss of the #CVE program. Run by the #MITRE non-profit, the CVE database is a critical tool for tracking the status of vulnerabilities.

#CISA just announced a temporary reprieve, but the dangers are obvious. In #SBBlogwatch, we look for the opportunities.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/04/mitre-cve-funding-crisis-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc