<p>The U.S. government funding needed for non-profit research giant MITRE to develop, operate and maintain its flagship Common Vulnerabilities and Exposures Program will expire Wednesday, the company confirmed to <em>Nextgov/FCW</em>.</p>
Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.
Enroll Now and Save 10%: Coupon Code MWNEWS10
Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.
<p>Used extensively across sectors — from private industry to national intelligence agencies — the CVE Program provides a standardized framework for identifying vulnerabilities and plays a central role in vulnerability management practices. It was first launched in 1999.</p>
<p>Funding for related programs run by the organization — such as the Common Weakness Enumeration program — will also expire tomorrow, Yosry Barsoum, who directs MITRE’s Center for Securing the Homeland, said in a statement.</p>
<p>The CVE Program provides a standardized system for identifying and cataloging publicly known cybersecurity vulnerabilities. Each vulnerability is assigned a unique identifier, designed to help security researchers, vendors and officials communicate consistently about the same issue. Agencies like the Cybersecurity and Infrastructure Security Agency regularly issue <a href=“https://x.com/CISACyber/status/1910053114150805693”>vulnerability alerts</a> using CVE standardized language.</p>
<p>“The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource,” Barsoum said.</p>
<p>Rumors about the expiration in funding surfaced Tuesday when an <a href=“https://bsky.app/profile/tib3rius.bsky.social/post/3lmulrbygoe2g”>internal memo</a> purportedly sent to CVE board members from Barsoum made its way across social media. MITRE confirmed the legitimacy of the message to <em>Nextgov/FCW</em> and said it was sent to the CVE board Tuesday morning.</p>
<p>“If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure,” the notice warned.</p>
<p>The CVE Program has cataloged nearly 275,000 records, according to its <a href=“https://www.cve.org/#:~:text=There%20are%20currently%20over%20274%2C000%20CVE%20Records%20accessible%20via%20Download%20or%20Keyword%20Search%20above.”>website</a>, and also stores historical records on its GitHub <a href=“CVE Program · GitHub”>repository</a>.</p>
<p>The news comes as CISA, which partners with MITRE on the CVE Program, is expected to face significant cuts across several of its teams, including with contractors, according to <a href=“https://www.nextgov.com/people/2025/04/cisa-make-comprehensive-staff-cuts-coming-days-people-familiar-say/404320/”>previous reports</a>. Several contracts have already been terminated within the agency or have been left to lapse, according to two people familiar with the matter.</p>
<p>Last week, a top House lawmaker said he <a href=“https://www.nextgov.com/cybersecurity/2025/04/top-homeland-security-lawmaker-calls-cautious-cuts-cisa/404494/”>asked staffers</a> working for Homeland Security Secretary Kristi Noem to carefully consider how to reduce the size of CISA because the agency does “have a mission to overwatch our critical infrastructure and make sure the bad guys aren’t getting in.”</p>
<p>A spokesperson for DHS did not immediately respond to a request for comment.</p>
<p>The loss of funding for MITRE’s cyber vulnerability program comes as the National Institute of Standards and Technology has <a href=“https://www.nextgov.com/cybersecurity/2025/03/nists-vulnerability-database-logjam-still-growing-despite-attempts-clear-it/403887/?oref=ng-category-lander-river”>struggled to keep up</a> with the number of cyber vulnerabilities submitted to its own repository program, the National Vulnerability Database.</p>
Article Link: https://www.nextgov.com/cybersecurity/2025/04/mitre-backed-cyber-vulnerability-program-lose-funding-wednesday/404585/