In Last-Minute Reversal, U.S. Extends Funding for Critical Cyber Vulnerability Database

In a dramatic eleventh-hour decision, U.S. officials have extended funding for the widely-used Common Vulnerabilities and Exposures (CVE) database, preventing a potential disruption in one of the world’s most relied-upon cybersecurity resources.

The funding, which supports the nonprofit MITRE Corporation’s operation of the CVE system, was set to expire this week—an outcome that had sparked alarm throughout the cybersecurity community. The CVE database functions as a global catalog of software and system vulnerabilities, enabling IT professionals to quickly identify, assess, and address newly discovered bugs and cyber threats.

A spokesperson for the Cybersecurity and Infrastructure Security Agency (CISA) confirmed Wednesday that the U.S. government has executed an “option period” on MITRE’s contract, ensuring 11 additional months of support for both the CVE Program and the related Common Weakness Enumeration (CWE) Program.

The reversal comes after widespread public outcry and intense concern from cybersecurity professionals, many of whom feared the collapse of a critical line of defense against escalating global cyber threats.

“A break in service for the CVE and CWE programs has been avoided,” said Yosry Barsoum, Vice President and Director at MITRE’s Center for Securing the Homeland. “We appreciate the overwhelming support from the global cyber community, industry, and government expressed in the past 24 hours.”

CISA echoed the sentiment, calling the CVE system “invaluable” in an email statement. The abrupt change of course highlights the confusion and uncertainty that has marked recent federal budget decisions, particularly under the Trump administration’s sweeping public spending cuts.

The funding crisis triggered swift responses from the cybersecurity world, including the emergence of a new initiative: the CVE Foundation. The group unveiled a website on Wednesday positioning itself as a long-term, independent steward of vulnerability tracking, in case government-backed support falters again.

“It’s a sigh of relief,” said John Hammond, a researcher with security firm Huntress. “I’m glad someone or something heard the voice of the community loud and clear.”

Despite the temporary reprieve, some experts warn the situation underscores the fragile state of critical cyber infrastructure—and the need for more stable, long-term solutions.

To find out more details please visit :https://www.reuters.com/