The Common Vulnerabilities and Exposures (CVE) program, a cornerstone of global cybersecurity infrastructure, is set to lose its federal funding as of April 16, 2025. Managed by the nonprofit MITRE Corporation, the program has been instrumental in assigning unique identifiers to publicly disclosed cybersecurity vulnerabilities, enabling organizations worldwide to prioritize and address security threats effectively.
Since its inception in 1999, the CVE program has served as a critical resource for major tech companies, including Microsoft, Google, Apple, Intel, and AMD. By providing a standardized system for tracking vulnerabilities, CVE has facilitated coordinated responses to security issues across diverse platforms and systems.
However, with the expiration of MITRE’s contract to develop, operate, and modernize the CVE system, there are growing concerns about the future of this vital resource. Experts warn that without continued funding, the cybersecurity community may face significant challenges in maintaining a unified approach to vulnerability management.
Lukasz Olejnik, a noted security and privacy researcher, expressed concerns that the absence of support for CVE could “cripple” cybersecurity systems globally. He emphasized that the lack of a centralized system for vulnerability identification could lead to confusion and inefficiencies in addressing security threats.
In response to these challenges, MITRE has reaffirmed its commitment to sustaining the CVE program as a vital global resource. The organization continues to receive support from the U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency, underscoring the program’s importance to national and international cybersecurity efforts.
As the expiration date approaches, stakeholders across the cybersecurity landscape are advocating for stable and continuous funding to ensure the ongoing effectiveness of the CVE program. The outcome of these efforts will have significant implications for the future of cybersecurity practices worldwide.
