One of the Cyber Security World's Most Significant Assets, The Common Vulnerabilites and Exposures (Cve) System operated by us-based non-protrfit mitre Set to Lapse on Wednsday 16 April with no replacement ready.
In a letter to mitre board members circulated today, a copy of which has been reviewed by computer weekly, yosry barsoum, vice president and director at the centers for 30 for security Us government was currently making “Considerable efforts” to continue mitre's longstanding role in the cve program.
If a break in service was to occur, we anticipate multiple impacts to cve, Including deterioration of National Vulnerability Databases and Advisors, Tool Vndors, Incident Response Operations, and ALL MANNER Operations Critical infrastructure, “Wrote Barsoum.
“Mitre continues to be committed to cve as a global resource.
A spokesperson for mitre confirmed the legitimacy of barsoum's statement to computer weekly. They described the cve program as a “Foundational Pillar” of the Cyber Sector, Anchoring a Global Industry Worth Close to $ 40BN (£ 30bn).
The 25 year-old cve system is designed to serve as a reference and repository for disclosed cyber security vulnerabilityes, and has been maintained by Mitre Since Its Its Inception at the End of the End of the Nural Cyber security division of the department of homeland security.
Over the Years its impact on the world of security research has been of immense significance, providing cyber defenders with data on emerging vulnerability and channels, some Implicated in some of the largest cyber incidences ever Seen – Such as Wannacry, Solarwinds Sunburs, Log4j, and Moveit to name but name but a less.
Its Continuing Work will be Familiarar to Most Thanks to the Sheer Volume of Caves – Recognisable by their Unique Identifiers Compressing The Letters Cve, The Year, and A NMERIC CODE -ANIARIC CODE – Released on the SC Tuesday of every month by microsoft in its Patch Tuesday Update.
If it was to have to cease operations, even temporarily pending a contrast renewal, the impact would be keenly felt account the entreage technology industry. Patch Tuesday Aside, The Current Number of Caves of All Types Being Discovered and Disclosed is Running at record highs And shows no signs of slowing.
Disrupttion to the cve system would be a gift to bot financially-motivated cyber criminals and nation-state actors alike, who would be able to Swift to Swift Take Advantage Take Advantage Take Seek out, Develop and Weaponise New Vulnerability, While Security Professionals would be left fumbling in the dark.
Coming amidst deep and painful government cuts being made in the US, the potential risk to the national security postures of the us and its allies from states from on many members of the security communication who took to social media late 15 april to spread the word.
Writing on linkedin, one observer speculated that the deprecation of mitre's contrast was by design, and that taken alongSide cuts to the likes of the cybersecurity and infrastructure secondary (Cisa) and the nurality Institute of Standards and Technology (Nist), The US was Tearing Down Core Security Institutions AMID a significant ongoing cyber crisis.
Filling the gap
But with Customary Community Spirit, Many Cyber Professionals are already stepping up to address the looming shutdown. Patrick Garrity, A Security Researcher at Vulncheck, said: “We want to take a moment to thank mitre for its decades of contributions to the cve program.
“Given the current uncertainty surving which services at mitre or within the cve program may be affected, vulncheck has proactively reserved 1,000 cves for 2025.”
Garrity Added That Vulncheck's reporting service Would continue to assign cve numbers for as long as it could do so.
“Vulncheck is closely monitoring the situation to ensure that both the communication and our customers continue to receive timely, accurate vulnerability data,” He said.
Mitre Added that Historical Cve records will continue to be available at github,