News

Released: April 25, 2025

Representatives from the CVE Foundation met with representatives from CISA on 4/24/2025.  The talks were positive and encouraging.  All parties wish to keep the conversation and progress moving forward.

Released: April 23, 2025

In the statement provided by CISA on April 23, 2025, Matt Hartman, CISA Acting Executive Assistant Director for Cybersecurity, stated that CISA has “historically been and remain[s] very open to reevaluating the strategy to support the continued efficacy and value of the program.”  He went on to say “that significant work lies ahead. CISA, in coordination with MITRE and the CVE Board, is committed to actively seeking and incorporating community feedback into our stewardship of the CVE Program. We are committed to fostering inclusivity, active participation, and meaningful collaboration between the private sector and international governments to deliver the requisite stability and innovation to the CVE Program. And we are committed to achieving these goals together.”

We stand in alignment with CISA and this commitment to working together to ensure a resilient, trusted, and innovative CVE Program, which has a 25-year legacy of bringing some order to the chaos of cyber-security vulnerabilities. The model of successfully transferring initiatives from the U.S. government to a publicly managed service or program has countless examples: DARPA turning the ARPANET into the Internet, IANA managing protocol assignments, and ICANN managing Internet names and addresses, which all started with the government being the single source of funding. In this same tradition, the CVE Foundation aims to support the transition of the CVE Program from a single-funding stream to a diversified funding model, which we believe will only strengthen the program and enable a stable, durable, internationally trusted program that works for the good of global consumers and organizations. This is our mission.