MITRE’s long-term contract with the U.S. Department of Homeland Security to oversee the Common Vulnerabilities and Exposures (CVE) program is set to end on April 16, 2025. With no confirmed renewal, it is uncertain how the department will track software vulnerabilities.
CVE and CWE
CVE assigns standardized identifiers to software flaws, making it easier for researchers, vendors, and IT experts to communicate about and fix them. CWE, or Common Weakness Enumeration, lists the coding errors that caused the problem in the first place.
Together, they underpin security tooling and coordination. The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense rely on CVE for assessing and managing threats.
MITRE’s Contract Will Expire Without Renewal
MITRE confirmed that the contract funding CVE’s operation will conclude on 16 April. Jason Soroko, a Fellow at Sectigo, said:
“If the contract is not renewed, the national security database will be at stake, and it will disrupt the functionality of incident response operations.”
Even though MITRE has guaranteed that historical CVE data will remain available on GitHub, the lapse would still be a setback for security management.
Greg Anderson, CEO of DefectDojo, described it this way:
“Security teams will lose a cohesive framework to identify and name vulnerabilities, and cybersecurity experts will get fragmented data if the CVE database goes offline.”
Anderson emphasized that in the absence of standardized naming protocols, there will be an increased risk of miscommunication.
With more than 40,000 CVEs published in 2024 alone, a centralized database is required for tracking both present and previous threats.
A Wake-Up Call For Immediate Action
MITRE says that it is actively discussing the issue with the U.S. government and is eager to continue the CVE mission. However, according to experts, a resolution cannot be delayed, and the program should no longer rely on short-term contracts that renew annually. This moment is a wake-up call for both industry leaders and lawmakers. Cyber threats are growing like weeds and require quick solutions.
A shutdown of the CVE program is more than a bureaucratic issue. It represents a serious risk for the systems that are designed to protect our software, infrastructure, and national security.