WASHINGTON, April 16 (Reuters) – U.S. officials will extend support for 11 months for a database of cyber weaknesses that plays a critical role in fighting bugs and hacks, a spokesperson said on Wednesday – just as the funding was due to run out.
The expected cut-off of payments for the non-profit MITRE Corp’s Common Vulnerabilities and Exposures database had spread alarm across the cybersecurity community.
The U.S.-backed database acts as a catalog for cyber weaknesses and enables IT administrators to quickly flag and triage the different bugs and hacks discovered daily.
The last-minute change of plan after the importance of the service was highlighted publicly is another instance of the confusion across government as U.S. President Donald Trump’s administration makes deep cuts to public spending.
MITRE did not immediately return an email seeking comment.
The Cybersecurity and Infrastructure Security Agency said in an email the CVE program was invaluable and that it had executed an “option period on the contract to ensure there will be no lapse in critical CVE services.”
A spokesperson for the agency told Reuters in an email the funding would continue for another 11 months.
The government’s last-minute change drew “a sigh of relief,” said John Hammond, a researcher with the managed security company Huntress who was among the many who opposed the move to stop funding.
“I’m glad someone or something heard the voice of the community loud and clear,” Hammond said.
The uncertainty has already prompted some members of the cybersecurity community to invest in alternatives.
On Wednesday, a group calling itself the CVE Foundation unveiled a website that marketed itself as a bid to “ensure the long-term viability, stability, and independence” of the system. A message seeking comment from the organization did not immediately receive a response.
Reporting by Raphael Satter; Editing by Mark Porter and Barbara Lewis
Reporter covering cybersecurity, surveillance, and disinformation for Reuters. Work has included investigations into state-sponsored espionage, deepfake-driven propaganda, and mercenary hacking.