MITRE CVE Program in Jeopardy
As a former advisory board member to the CVE/OVAL initiatives, I’m sounding the alarm:
MITRE has confirmed that funding for the CVE and CWE programs will expire on April 16, 2025. These programs are the backbone of global vulnerability management and coordination, helping defenders and researchers speak a common language about risk.
Without CVE, we lose:
- A universal framework for tracking software flaws
- Coordinated disclosures across vendors and governments
- A critical piece of national cybersecurity infrastructure
According to official records, the contract via the Department of Homeland Security is set to expire imminently: https://www.usaspending.gov/award/CONT_AWD_70RCSJ23FR0000015_7001_70RSAT20D00000001_7001
Yes, historical CVE records will remain accessible on GitHub: https://github.com/CVEProject/cvelistV5
But active development, modernization, and oversight of the CVE and CWE systems are now at risk.
This isn’t just a tech industry issue—it’s a matter of national security.
“MITRE remains committed to CVE as a global resource,” said Yosry Barsoum, VP at MITRE. But commitment without funding isn’t enough.
We must act—before this foundational cybersecurity resource goes dark.
Stay safe, stay informed, and keep defending what matters.
Gary S. Miliefsky
Publisher, Cyber Defense Magazine
www.cyberdefensemagazine.com
@miliefsky | @cyberdefensemag
About the Author
Gary Miliefsky is the publisher of Cyber Defense Magazine and a renowned cybersecurity expert, entrepreneur, and keynote speaker. As the founder and CEO of Cyber Defense Media Group, he has significantly influenced the cybersecurity landscape. With decades of experience, Gary is a founding member of the U.S. Department of Homeland Security, a National Information Security Group member, and an active adviser to government and private sector organizations. His insights have been featured in Forbes, CNBC, and The Wall Street Journal, as well as on CNN, Fox News, ABC, NBC, and international media outlets, making him a trusted authority on advanced cyber threats and innovative defense strategies. Gary’s dedication to cybersecurity extends to educating the public, operating a scholarship program for young women in cybersecurity, and investing in and developing cutting-edge technologies to protect against evolving cyber risks.
