The cybersecurity world is bracing for potential disruption as MITRE ’s Common Vulnerabilities and Exposures (CVE) program faces an uncertain future. The program, which has been a cornerstone of global cybersecurity for over two decades, may go dark on April 16 due to the expiration of its US Department of Homeland Security (DHS) contract.
Why CVE program mattersThe CVE program plays a critical role in cybersecurity by assigning standardised identifiers to software vulnerabilities, enabling security researchers, vendors, and IT teams to track and address threats efficiently. It is closely linked to the Common Weakness Enumeration (CWE) program, which categorises coding errors that lead to vulnerabilities. Together, these programs form the backbone of global security coordination, supporting tools like vulnerability scanners, patch management systems, and threat intelligence feeds.
The risk of a shutdownMITRE has confirmed that its DHS contract expires on April 16, and no renewal has been finalized. Without funding, the CVE program could halt updates, leading to gaps in vulnerability tracking and delays in security advisories. Experts warn that this lapse could degrade national vulnerability databases, affecting tool vendors, incident response operations, and critical infrastructure.
Jason Soroko, Senior Fellow at Sectigo, emphasised the severity of the situation: "Failure to renew MITRE's contract risks significant disruption. A service break would negatively impact cybersecurity coordination worldwide."
Cybersecurity professionals are urging policymakers to secure funding for the CVE program to prevent a crisis. The potential shutdown has raised concerns about government reliance on private entities for critical security functions and the need for alternative solutions to maintain vulnerability tracking.
Why CVE program mattersThe CVE program plays a critical role in cybersecurity by assigning standardised identifiers to software vulnerabilities, enabling security researchers, vendors, and IT teams to track and address threats efficiently. It is closely linked to the Common Weakness Enumeration (CWE) program, which categorises coding errors that lead to vulnerabilities. Together, these programs form the backbone of global security coordination, supporting tools like vulnerability scanners, patch management systems, and threat intelligence feeds.
The risk of a shutdownMITRE has confirmed that its DHS contract expires on April 16, and no renewal has been finalized. Without funding, the CVE program could halt updates, leading to gaps in vulnerability tracking and delays in security advisories. Experts warn that this lapse could degrade national vulnerability databases, affecting tool vendors, incident response operations, and critical infrastructure.
Jason Soroko, Senior Fellow at Sectigo, emphasised the severity of the situation: "Failure to renew MITRE's contract risks significant disruption. A service break would negatively impact cybersecurity coordination worldwide."
Cybersecurity professionals are urging policymakers to secure funding for the CVE program to prevent a crisis. The potential shutdown has raised concerns about government reliance on private entities for critical security functions and the need for alternative solutions to maintain vulnerability tracking.
You may also like
Emmerdale 'lets slip' character return in Aaron and John's wedding invite list
Danny Dyer and daughter Dani surprise locals as they film new caravan park show
UK weather maps show exact day temperatures soar back to 17C next week
Manoj Jha targets Centre over Waqf Act, vows to continue legal and street-level protests
50% of US students whose visas have been revoked by Trump admin are Indians: Study
