Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
Editorials & Other Articles
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program - The Register
US government funding for the world's CVE program – the centralized Common Vulnerabilities and Exposures database of product security flaws – ends Wednesday.
The 25-year-old CVE program plays a huge role in vulnerability management. It is responsible overseeing the assignment and organizing of unique CVE ID numbers, such as CVE-2014-0160 and CVE-2017-5754, for specific vulnerabilities, in this case OpenSSL's Heartbleed and Intel's Meltdown, so that when referring to particular flaws and patches, everyone is agreed on exactly what we're all talking about.
It is used by companies big and small, developers, researchers, the public sector, and more as the primary system for identifying and squashing bugs. When multiple people find the same hole, CVEs are useful for ensuring everyone is working toward that one specific issue.
While the whole world's vulnerability management efforts aren't going to descend into chaos overnight, there is a concern that in a month or two they may. The lack of US government funding means that, unless someone else steps in to fill the gap, this standardized system for naming and tracking vulnerabilities may falter or shut down, new CVEs may no longer be published, and the program's website may go offline.
Not-for-profit outfit MITRE has a contract with the US Department of Homeland Security to operate the CVE program, and on Tuesday the group confirmed this arrangement has not been renewed. This comes as the Trump administration scours around the federal government for costs to trim.
The 25-year-old CVE program plays a huge role in vulnerability management. It is responsible overseeing the assignment and organizing of unique CVE ID numbers, such as CVE-2014-0160 and CVE-2017-5754, for specific vulnerabilities, in this case OpenSSL's Heartbleed and Intel's Meltdown, so that when referring to particular flaws and patches, everyone is agreed on exactly what we're all talking about.
It is used by companies big and small, developers, researchers, the public sector, and more as the primary system for identifying and squashing bugs. When multiple people find the same hole, CVEs are useful for ensuring everyone is working toward that one specific issue.
While the whole world's vulnerability management efforts aren't going to descend into chaos overnight, there is a concern that in a month or two they may. The lack of US government funding means that, unless someone else steps in to fill the gap, this standardized system for naming and tracking vulnerabilities may falter or shut down, new CVEs may no longer be published, and the program's website may go offline.
Not-for-profit outfit MITRE has a contract with the US Department of Homeland Security to operate the CVE program, and on Tuesday the group confirmed this arrangement has not been renewed. This comes as the Trump administration scours around the federal government for costs to trim.
https://www.theregister.com/2025/04/16/homeland_security_funding_for_cve/?td=rt-3a
5 replies
= new reply since forum marked as read
= new reply since forum marked as read
so unAmerican, so underhanded, such a betrayal of our nation.
Kick in to the DU tip jar?
This week we're running a special pop-up mini fund drive. From Monday through Friday we're going ad-free for all registered members, and we're asking you to kick in to the DU tip jar to support the site and keep us financially healthy.
As a bonus, making a contribution will allow you to leave kudos for another DU member, and at the end of the week we'll recognize the DUers who you think make this community great.