The US government is extending funding for the Common Vulnerabilities and Exposures (CVE) database by eleven months. The decision came at the last minute, after it was announced that the essential cybersecurity database was about to go offline due to the discontinuation of payments.
On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) announced that support for the CVE database will continue. This catalog of cyber vulnerabilities is crucial in combating bugs and hacks. The database is managed by the non-profit organization MITRE Corporation.
The news relieved the cybersecurity community, which was in turmoil after reports that funding would be discontinued. Earlier this week, it still looked like the database would go offline, which would have had major consequences for IT administrators worldwide.
Indispensable system
The CVE database serves as a universal catalog of cyber vulnerabilities. IT adms use the system daily to identify and prioritize various bugs and hacks quickly. Using a uniform naming convention, the database ensures that everyone in the industry speaks the same language regarding security risks.
Yosry Barsoum, vice president and director at MITRE’s Center for Securing the Homeland, confirmed that a disruption in service for both the CVE program and the Common Weakness Enumeration program has been prevented. “We appreciate the overwhelming support for these programs that have been expressed by the global cyber community, industry, and government over the last 24 hours,” Barsoum said.
A spokesperson for the agency told Reuters that funding will continue for another 11 months. This will give MITRE and other stakeholders time to explore alternative long-term funding models.