CISA: CVE Program to Focus on Vulnerability Data Quality

The US cybersecurity agency CISA believes that expanded partnerships, government sponsorships, transparency, modernization, and better vulnerability data quality are the next step in advancing the Common Vulnerabilities and Exposures (CVE) Program.

Aimed at identifying, defining, and indexing publicly disclosed security defects, the CVE Program turned 25 last year, when the number of CVE Numbering Authorities (CNAs) surpassed 400, and more than 28,000 new CVE records were produced.

The number of CNAs has grown to over 460 as of 2025, and the CVE Program is now ready to transition to a new phase, following the growth era it went through during the past decade, CISA says.

“As the CVE Program evolves to meet the needs of this global cybersecurity community, it must transition into a new era focused above all on trust, responsiveness, and vulnerability data quality,” CISA notes in a fresh document (PDF) presenting its vision regarding the program ...