Get ready for a fight over who steers the global standard for vulnerability identification

The Cybersecurity and Infrastructure Security Agency (CISA) nearly let the Common Vulnerabilities and Exposures (CVE) program lapse earlier this year, but a new "vision" document it released this week signals that it now wants more control over the global standard for vulnerability identification.

CISA published a two-page summary of its vision board for CVE's future this week, talking it up like a Taylor Swift tour: 2025, according to CISA, is the year CVE leaves its "growth era" for a "quality era" that CISA appears intent on dominating. Nicholas Andersen, CISA's recently appointed Executive Assistant Director for Cybersecurity, made the agency's vision for CVE's future clear in a blog post published alongside the vision document: It's a CISA joint.

"Over the past year, we've seen significant debate around the future of the program," Andersen said. "But let me be absolutely clear: there is no national ...