Defunding CVEs

CVE: Common Vulnerabilities and Exposures

CWE: Common Weakness Enumeration

CVSS: Common Vulnerability Scoring System

If you work in the IT field then you are almost certainly familiar with these three terms. You might even know that the databases for CVEs and CWEs have been maintained by MITRE for… well, for as long as I’ve been aware of the lists anyways. They have done this as a government contract with government funding.

On Tuesday, CVE Board Members were sent a letter from Yosry Barsoum, VP and Director of the Center for Securing the Homeland (CSH), that read:

Dear CVE Board Member,

We want to make you aware of an important potential issue with MITRE’s enduring support to CVE.

On Wednesday, April 16, 2025, the current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire. The government continues to make considerable efforts to continue MITRE’s role in support of the program.

If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure.

MITRE continues to be committed to CVE as a global resource. We thank you as a member of the CVE Board for your continued partnership.

The CVE database is the most important resource many of us have for tracking vulnerabilities, and it is a critical cybersecurity tool. I do not know what is happening behind the scenes, and I assure you that I will not speculate on politics, nor will I give any political commentary on what I might speculate. I will say that I do hope that this gets resolved soon, because, in case you have not been paying attention, the bad guys are coming for your systems. Whatever is going on, lobby your senator, congressman, mayor, alderman, or Member of Parliament to get this project funded again. We need it!
