Earlier this week, funding for MITRE Corporation was set to end. Since MITRE manages the Common Vulnerabilities and Exposures (CVE) database, the cybersecurity community was alarmed by the impending loss of funding; however, the Cybersecurity and Infrastructure Security Agency (CISA) intervened to prevent the lapse in payments.

According to an email received by Reuters, funding for MITRE has been extended an additional 11 months. While many cyber professionals are pleased by this extension, some uncertainty remains in the community. In response to the near loss of MITRE’s database, a group called the CVE Foundation created a website with express purpose to “ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a critical pillar of the global cybersecurity infrastructure for 25 years.”

The CVE Foundation has supported MITRE’s database while raising concerns about the sustainability and neutrality of the resource being associated with a single government sponsor. Active CVE Board members have worked for the past year to shift CVE to non-profit foundation. 

According to the CVE Foundation, this “marks a major step toward eliminating a single point of failure in the vulnerability management ecosystem and ensuring the CVE Program remains a globally trusted, community-driven initiative. For the international cybersecurity community, this move represents an opportunity to establish governance that reflects the global nature of today’s threat landscape.”