Hours after the current contract for Common Vulnerabilities and Exposures program expired, the loss to cybersecurity experts everywhere seems to be too great, forcing a U-turn.

The cybersecurity mission was encapsulated in MITRE’s programme designed to coordinate disclosure of public vulnerabilities within systems. Yesterday, the “uncertain future” for the programme was made public and whether its contract with the U.S. Department of Homeland Security would be renewed, impressing the end of a cybersecurity working group. It was nearly a loss before the decision was reversed mere hours after – the collaboration of the cybersecurity world will continue as usual for the next 11 months, as the DOGE realises the impact of losing an important scheme to combat cybersecurity exploits.

Common Weakness Enumeration programmes have become pertinent to those in the industry fielding off evolving attacks, and enabling fast alerts to threats outside of vendors and businesses’ cybersecurity strategies. Security researchers, vendors, and IT teams can communicate in the current forum, identifying the modern tools from vulnerability scanners to patch management systems. Modern systems and workflows depend on CVE data.

DHS managed and funded CVE and CWE programs.

Forbes quoted Jason Soroko, Senior Fellow at Sectigo stating, “a service break would likely degrade national vulnerability databases and advisories”. Now it seems appreciation of cooperative programmes on cybersecurity has flipped the decision. 

Update Apr. 16 at 10:55am EDT

The new CVE Foundation is announced. Trump’s government has chosen to reinstate the funding for the global directory of security vulnerabilities for everyone’s benefit after the cost-cutting exercise. 

The U.S. Cybersecurity and Infrastructure Security Agency said it had extended the contract with MITRE for 11 months, as the CVE Program is “invaluable to the cyber community and a priority of CISA”, rather than going ahead with an 11th hour flawed decision. 

Experts say the CVE program disruption has highlighted the issues with relying on a single source of funding.

Also in the news:

Company House to enforce ID verification South Africa: Digital verification system at the “heart of national security” and growing private economy Fraudsters steal data from multiple sources now to exploit enterprises, study shows