Dems demand audit of CVE program as Federal funding remains uncertain

Infosec In Brief A pair of Congressional Democrats have demanded a review of the Common Vulnerabilities and Exposures (CVE) program amid uncertainties about continued US government funding for the scheme.

In a letter [PDF] letter to the Comptroller General of the US, ranking House Homeland Security committee member Bennie Thompson (D-MS) and ranking House Science, Space and Tech committee member Zoe Lofgren (D-CA) asked the Government Accountability Office (GAO) to investigate management of the program.

Federal funding for the CVE program ended in April and while the Cybersecurity and Infrastructure Security Agency found funds to keep it running for eleven months, the lawmakers worry the flow of cybersecurity data that government and businesses rely on could cease.

Thompson and Lofgren said they want "the efficiency and effectiveness" of government programs designed to support NVD and CVE assessed.

"These programs underpin how organizations across the world mitigate vulnerabilities that could otherwise ...