Home ยป Trump Refuses to Renew Contract for Software Vulnerability Database Management CVE

Trump Refuses to Renew Contract for Software Vulnerability Database Management CVE

MITRE Corporation oversees the website CVE.org, which provides a database of software vulnerabilities. They circulated a letter to the CVE board stating that the Trump administration did not renew the contract for maintaining the database. This resulted in the contract ending today, potentially impacting future services.

CVE assigns unique identifiers to vulnerabilities for easier tracking and reference. For example, the Shellshock vulnerability is known as CVE-2014-6271, and Heartbleed is identified as CVE-2014-0160. Initially, this database was a service provided by MITRE, but later became a public service funded by CISA, the United States Cybersecurity and Infrastructure Security Agency, who sponsors MITRE for this maintenance.

While this service is crucial, the US government also operates the National Vulnerability Database as another avenue for vulnerability information. It remains uncertain if MITRE will continue to operate CVE.org after the CISA contract expires. The announcement letter stated that this could impact service delivery. The cost for maintaining the CVE and CWE databases in the last fiscal year was $29 million USD.

Source: @0xTib3rius, PC Magazine

TLDR: MITRE Corporation faces uncertainty regarding the future of CVE.org after the US government did not renew their contract for maintaining the software vulnerability database, potentially impacting service delivery.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Final Day for CISA Database CVE Project Extension – Gratitude to All for Enduring

Heightened Ransomware Attacks Expected in 2023, Construction Industry Hit Hard in Palo Alto