CVE program funding secured, easing fears of repeat crisis
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) and MITRE Corporation have secured new, long-term funding for the Common Vulnerabilities and Exposures (CVE) Program, preventing a repeat of the near-shutdown crisis experienced in 2025. This change moves the program from discretionary funding to a protected line item in CISA's budget, ensuring its continuous operation and evolution.
IFF Assessment
This is good news for defenders as it ensures the continued availability of a critical resource for vulnerability management and threat intelligence.
Defender Context
The stability of the CVE program is crucial for defenders as it provides a standardized way to identify and track software vulnerabilities. Consistent funding ensures the ongoing operation of systems that rely on CVE data for vulnerability management, patching, and threat intelligence, thereby improving overall security posture.