CVE funding cuts reversed after security concerns raised – Computerworld

“CVE is a cornerstone of cybersecurity, and any gaps in CVE support will put our critical infrastructure and national security at unacceptable risk,” Luta Security founder and CEO Katie Moussouris told The Register. “All industries worldwide depend on the CVE program to keep their heads above water when it comes to managing threats, so an abrupt halt like this would be like depriving the cybersecurity industry of oxygen and expecting it to spontaneously sprout gills.”

Not giving up yet

The people behind the effort aren’t giving up. One group of CVE board members immediately repositioned themselves as a nonprofit group to be called the CVE Foundation, which will continue the mission. “CVE, as a cornerstone of the global cybersecurity ecosystem, is too important to be vulnerable itself,” said Kent Landfield, an officer of the foundation. “Cybersecurity professionals around the globe rely on CVE identifiers and data as part of their daily work — from security tools and advisories to threat intelligence and response. Without CVE, defenders are at a massive disadvantage against global cyber threats.” 

Other entities are also stepping up to mitigate the inevitable damage. “VulnCheck is actively monitoring the MITRE situation, and will ensure that our customers, partners, and the entire cybersecurity community will have continued access to timely, accurate vulnerability data,” said Anthony Bettini, founder and CEO of VulnCheck. “We recognize the critical role that the CVE program plays in the cybersecurity ecosystem, and we are actively preparing for any potential disruptions.”