Yesterday’s headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today. Overnight, the CVE Foundation emerged with a plan to maintain the program before the Critical Infrastructure and Security Agency (CISA) announced it has extended support for the program this morning. As the backbone of the global vulnerability identification system, CVE has long served as the industry’s shared language for describing digital flaws.
*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Brian Fox. Read the original post at: https://www.sonatype.com/blog/cve-program-uncertainty
