Frequently Asked Questions
What do you believe?
We believe that CVEs are the cornerstone of cybersecurity defense. Without a common language to communicate about vulnerabilities, chaos follows. This is why the CVE Program was created 25 years ago and it is even more true today. We believe in a free, publicly available resource that serves a global community. We believe that, in order to achieve a stable long term solution, CVE needs to be funded by many entities and not one single point of failure. We are leading by building a coalition of like-minded organizations.
What is your mission?
To ensure continued long term international participation and stability of the CVE Program as a publicly available resource. To deliver a world-class user experience for all that contribute to and use CVEs.
Why now?
No time like the present. ¯\_(ツ)_/¯ The original coalition of the willing was formed as a loose group of individuals that share a common goal of helping the CVE program evolve and succeed. The group wanted to explore options for growth and stability. However, confusion resulting from the April 15, 2025 letter addressed to the CVE Board has compelled us to plan for contingency with a sense of urgency to prevent disruptions to global cybersecurity defensive operations. The group felt the need to reassure stakeholders and consumers in the CVE ecosystem, provide a sense of continuity, and show support.
The promise of temporary funding, while greatly appreciated, does not eliminate the need for business continuity planning to prevent single point of failures in the CVE program.
How are you different?
We are key thought leaders in the CVE program who have been working within CVE as volunteers for years, striving to evolve the program over time without being encumbered to any one organization. We have had many successes, including the federated model that CVE is currently operating under. This model was designed to allow for the transition of key roles in the program, like the Secretariat, to industry. To thrive, the CVE Program needs to become a different kind of organization. One that is more responsive to stakeholders in shorter time frames. Through this Foundation, we want to finish the work we started and collaborate with the CVE community to identify other areas for significant improvements.
Who are you?
We are a significant subset of the Official CVE Board that are concerned about the stability of the CVE Program and want to see the program healthy and thriving. Over the last few days our coalition has grown in number to include additional CVE Board members and long term participants in the CVE Program.
Will you share your names?
Some members will. Some members are not ready. We respect all of our community and associated stakeholders. If folks are not ready, then that's okay.
How can I help?
We greatly appreciate the large outpouring of support we have received over the past few days. We have received hundreds of emails offering encouragement, financial support, and seeking more information. We are working as quickly as we can to read and consider every email. At this time we are seeking additional financial support so we can move forward more quickly.
Please email us at info@thecvefoundation.org