![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
![Blue Archive tier list [April 2025]](https://media.pocketgamer.com/artwork/na-33404-1636469504/blue-archive-screenshot-2.jpg?#)
.png?#)
-Baldur’s-Gate-3-The-Final-Patch---An-Animated-Short-00-03-43.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
.webp?#)
![Alleged Pixel 10 series wallpapers leak with vibrant colors and a strange new theme [Gallery]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/04/pixel-10-wallpaper-leak-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1){kind=tracking}
![Apple to Split Enterprise and Western Europe Roles as VP Exits [Report]](https://www.iclarified.com/images/news/97032/97032/97032-640.jpg)
![Nanoleaf Announces New Pegboard Desk Dock With Dual-Sided Lighting [Video]](https://www.iclarified.com/images/news/97030/97030/97030-640.jpg)
![Apple's Foldable iPhone May Cost Between $2100 and $2300 [Rumor]](https://www.iclarified.com/images/news/97028/97028/97028-640.jpg)
MITRE’s Support for CVE Program Set to Expire! – Internal Letter Leaked Online, “MITRE Confirmed”
A letter from MITRE, dated April 15, 2025, has leaked online claimed to be revealed from a reliable source that the organization’s contract to support the Common Vulnerabilities and Exposures (CVE) program is due to expire today, April 16, 2025, potentially threatening the stability of a critical cybersecurity resource. The letter, addressed to CVE Board […] The post MITRE’s Support for CVE Program Set to Expire! – Internal Letter Leaked Online, “MITRE Confirmed” appeared first on Cyber Security News.
A letter from MITRE, dated April 15, 2025, has leaked online claimed to be revealed from a reliable source that the organization’s contract to support the Common Vulnerabilities and Exposures (CVE) program is due to expire today, April 16, 2025, potentially threatening the stability of a critical cybersecurity resource.
The letter, addressed to CVE Board Members and signed by Yosry Barsoum, Vice President and Director of MITRE’s Center for Securing the Homeland (CSH), highlights the uncertainty surrounding MITRE’s continued role in maintaining the CVE program and its related initiatives.
MITRE is a not-for-profit organization that operates federally funded research and development centers (FFRDCs), including the National Cybersecurity FFRDC, which supports the CVE program.
Headquartered in McLean, Virginia, MITRE has been a key player in advancing cybersecurity solutions for government and industry partners.
The Common Vulnerabilities and Exposures (CVE) program provides a standardized method for identifying and cataloging cybersecurity vulnerabilities.
It is widely used by organizations to prioritize and address security risks, making it a foundational element of global cybersecurity efforts.
The CVE program, managed by MITRE with funding from the U.S. Department of Homeland Security, has been a cornerstone of global cybersecurity efforts for decades.
It provides a standardized system for identifying, defining, and cataloging publicly disclosed cybersecurity vulnerabilities, enabling organizations worldwide to address security flaws efficiently.
As of recent records, the CVE database contains over 274,000 entries, underscoring its critical role in the cybersecurity landscape.
In the letter, Barsoum warns that the expiration of MITRE’s current contract to “develop, operate, and modernize CVE and several other related programs, such as CWE,” could lead to significant disruptions.
While the government is reportedly making efforts to continue MITRE’s involvement, Barsoum notes that a break in service could have “multiple impacts” on the CVE ecosystem, also David DiMolfetta’s, a cybersecurity reporter confirmation of the letter’s authenticity.
These include potential “deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and overall critical infrastructure.”
The CVE program has already faced challenges in recent years, including transitioning to a new website (CVE.ORG) and updating its record format to JSON, with support for legacy download formats ending on June 30, 2024.
Additionally, MITRE has begun assigning CVEs to service-based vulnerabilities, a shift from its previous focus on vulnerabilities in publicly distributed software products.
These changes reflect the evolving nature of cybersecurity threats but also highlight the program’s reliance on consistent funding and operational support.
MITRE, a not-for-profit organization known for solving problems for a safer world, has reaffirmed its commitment to the CVE program as a global resource.
However, the uncertainty surrounding its contract has raised questions about the future of vulnerability management and the potential ripple effects on national security and critical infrastructure.
MITRE Official Response to Cyber Security News
As we have reached out to MITRE to comment on this matter, “On Wednesday, MITRE official confirmed with Cyber Security News that CVE Program Funding Expiration on April 16, 2025:
“April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE
) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”
“Continuously updated by the global cyber community, the Common Vulnerabilities and Exposures (CVE®) Program is a foundational pillar of the cybersecurity ecosystem. Relied on by organizations across industry, government, national security, and critical infrastructure, the CVE Program is the de-facto international standard for vulnerability identification and the backbone of vulnerability management.”
“The CVE Program anchors a growing cybersecurity vendor market worth more than $37 billion, providing foundational data to vendor products across vulnerability management, cyber threat intelligence, security information and event management, and endpoint detection and response.”
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
The post MITRE’s Support for CVE Program Set to Expire! – Internal Letter Leaked Online, “MITRE Confirmed” appeared first on Cyber Security News.
