- CVE funding gets last-minute support
- A MITRE chief told CVE Board members that government funding was about to expire
- Some have called the move “reckless and ignorant”
US government funding for CVE, a program that publicly lists known software vulnerabilities, will continue for now, despite initial reports that it would expire.
Cuts made by the US government across all areas meant that CVE could have lost its funding, which could significantly erode the cybersecurity of all organizations, from small businesses to critical infrastructure companies.
However, a CISA spokesman revealed that the organization executed an option period in the contract “to ensure that there is no lapse in critical CVE services.”
CVE extension
“The CVE program is invaluable for the cyber community and a priority of CISA,” the comment added.
The program is sponsored by the US Cybersecurity and Infrastructure Security Agency.
It works by assigning a unique identifier to each newly discovered vulnerability, which allows cybersecurity professionals, software developers and organizations to properly identify and address flaws in software.
Nextgov says Yosry Barsoum, director of MITRE's Center for Securing the Homeland, recently sent an internal memorandum to the members of the CVE Board, warning about the possibility of losing funds. When the memorandum leaked on social networks, MITRE confirmed its legitimacy.
“If there was a break in the service, we anticipate multiple impacts to CVE, including the deterioration of national vulnerability databases and notices, tool suppliers, incident response operations and all kinds of critical infrastructure,” the memorandum warned.
“Reckless and ignorant”
CVE was not the only program at risk of losing government funds. The Common Weakness Enumeration (CWE), another MITRE-managed program, also ran the risk of losing funds at the same time. CWE is a catalog of software and hardware security weaknesses that focuses on root causes: the underlying programming or design errors that attackers can exploit.
Nextgov says that CISA is seeking “significant cuts” across several of its teams, including contractors. Some contracts have already been terminated, while others will simply be allowed to expire.
We could say that CVE dodged a bullet, since the consequences could have been quite serious.
House committee Ranking Member Zoe Lofgren, D-Calif., and Homeland Security Committee Ranking Member Bennie Thompson, D-Miss., called the funding lapse “reckless and ignorant” and said it would undermine cybersecurity throughout the world.
“The Common Vulnerabilities and Exposures program ensures that each service, device and system is eliminating discovered vulnerabilities,” they told Nextgov in a statement.
“From your personal computer to the electricity network to nuclear facilities, they all trust CVE. Eliminating this contract will allow malicious actors to operate in the dark. We call on the Department of Homeland Security to fully restore the funds of this program before catastrophe strikes.”
Chris Burton, head of Professional Services at Pentest People, believes that the community could step up in the government’s place.
“It is completely understandable that there are concerns about the government's funding of the MITRE program; it is a worrying development for the security industry,” he told TechRadar Pro in an emailed statement.
“If the problem is purely financial, crowdfunding could offer a viable path to follow, gathering public support for a project in which many believe. If it is operational, there may be an opportunity for a dedicated community board to intervene and lead. In any case, this is not the end; it is a possibility of revealing and reimagining again.”
Via Nextgov