"CISA published a two-page summary of its vision board for CVE's future this week, talking it up like a Taylor Swift tour: 2025, according to CISA, is the year CVE leaves its "growth era" for a "quality era" that CISA appears intent on dominating. Nicholas Andersen, CISA's recently appointed Executive Assistant Director for Cybersecurity, made the agency's vision for CVE's future clear in a blog post published alongside the vision document: It's a CISA joint."
""Over the past year, we've seen significant debate around the future of the program," Andersen said. "But let me be absolutely clear: there is no national cyber defense without a reliable, government-led system for vulnerability identification." That debate, we note, largely has to do with the fact that the CVE program came close to a shutdown earlier this year when CISA nearly let MITRE's contract expire, before granting an 11-month extension through March 2026."
CISA nearly allowed the CVE program to lapse earlier this year and briefly risked MITRE's contract expiration before granting an 11-month extension through March 2026. CISA released a two-page vision summary signaling intent to exert greater control over CVE and to move the program from a "growth era" to a "quality era" in 2025. Nicholas Andersen stated that national cyber defense requires a reliable, government-led vulnerability identification system. Volunteer CVE board members were reportedly kept unaware of funding issues, prompting formation of the CVE Foundation to pursue nonprofit, internationally coordinated, vendor-neutral governance and diversified funding.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]