Techly NewsGet the app

Get the latest tech news

‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program


The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.

In an eleventh-hour scramble before a key contract was set to expire on Tuesday night, the United States Cybersecurity and Infrastructure Security Agency renewed its funding for the longtime software-vulnerability-tracking project known as the Common Vulnerabilities and Exposures Program. While this structure has supported the program’s growth, it has also raised long-standing concerns among members of the CVE Board about the sustainability and neutrality of a globally relied-upon resource being tied to a single government sponsor,” the Foundation wrote in a statement. And many observers expressed cautious optimism that the incident could ultimately make the CVE Program more resilient if it transitions to be an independent entity that isn't reliant on funding from any one government or other single source.

Get the Android app

Or read this on Wired

Read more on:

Photo of cisa funding chaos

cisa funding chaos

« Microsoft admits it's not you, Classic Outlook can be a real CPU, power hog sometimes
CVE program gets last-minute funding from CISA – and maybe a new home »