CISA Unveiled a New Vision for the CVE Program. Can It Work?

Updated CVE Roadmap Follows Threats to Funding Chris Riotta (@chrisriotta) • September 11, 2025

The U.S. cyber defense agency is unveiling a new vision for its globally-adopted vulnerability tracking system but security analysts warn that funding threats and turmoil inside the federal agency could derail any reforms before they take hold.

See Also: Post-Quantum Cryptography - A Fundamental Pillar in the Future of Cybersecurity [ES]

The Cybersecurity and Infrastructure Security Agency's new vision for the Common Vulnerabilities and Exposures program marks what the agency calls a shift from the program's "growth era" to its "quality era." The strategy outlines plans to bolster trust, responsiveness and data quality by expanding community partnerships, collaborating with industry and international governments to standardize vulnerability data, scaling enrichment through federated mechanisms and growing the authorized data publisher capability.

The announcement comes only months after the program nearly shuttered following a ...