MITRE CVE Program Gets Last-Hour Funding Reprieve

The US government’s cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational.

The US government’s cybersecurity agency CISA says there will be no lapse in critical CVE services provided by the MITRE Corporation.

Just hours after the MITRE Corporation warned that the expiration of federal funding for the CVE Program would cause major disruptions, CISA announced it has “executed the option period on the contract” to keep the vulnerability catalog operational.

“The CVE Program is invaluable to the cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience,” the agency said in a brief statement.

According to public documentation, the $29 million contract was awarded sole source to The MITRE Corporation because the government believes ...