#infosec people, THIS is big and you need it in front of management RIGHT NOW.
MITRE has informed the CVE board members that effective TONIGHT, funding to run CVE and CWE is effectively gone. The US federal government contracts MITRE to run these programs, including management, operations, and infrastructure.
This not only could but almost certainly will result in disruptions to CVE and CWE including a halt of all operations if new contracts/funding are not secured.
RootWyrm 🇺🇦
in reply to RootWyrm 🇺🇦
And not only is this from reliable sources, I can verify it checks out.
h/t bsky.app/profile/tib3rius.bsky…
One, the name and position are correct.
Two, that is MITRE corporate communications compliant. They have rules about it.
Three, I know that the CVE/CWE contract runs April 15 to April 15 and no new contract has been published.
FFRDC (Oct 2024-Oct 2029) is a separate contract issued by NIST. CVE+CWE is a DHS/CISA contract.
RootWyrm 🇺🇦
in reply to RootWyrm 🇺🇦
"OMG SKY IS FALLING!$@&*$@!"
Hi. Policy hat on!
Yes and no, no and yes. This is why I specifically said: TELL MANAGEMENT. This means that the reliability of CVE+CWE will be negatively impacted.
If you do not update your POLICIES to treat CVE+CWE as no longer responsive and reliable, and start making changes to address that, you will be in for a world of hurt.