CVE Funding Problems

It is very unfortunate to hear about the struggle of MITRE, CVE, and NVD. And it might not be a surprise that many customers approach us to discuss the future of vulnerability management.

We are an officially certified CVE Numbering Authority (CNA) by MITRE which is allowed to reserve, assign, and disclose CVEs. As long as we are capable of processing CVEs we will do that. As of 2025-04-16 the funding of MITRE and the CVE project should have come to a halt. Nevertheless, our moderation team is still handling new entries.

We expect that MITRE is not going to process any CVEs anymore which would cause heavy delays in CVE disclosure. As a consequence some of the vulnerability processing by MITRE might be offloaded to us, because we are able to act as a backup for them. Many researchers will prefer our flexibility which might increase our workload regarding processing of new submits.

Limitations affecting CVE and NVD help to emphasize our advantages, because we are able to act independently, usually have a large portion of vulnerability data before even CVE/NVD/CISA has it, and monitor multiple alternative sources to provide our vulnerability feed.

As CVE is by far not the only source for our vulnerability data, we are very confident to remain capable of providing the best possible vulnerability and threat intelligence service for our customers.

Actualizado em: 16/04/2025 a partir de VulDB Documentation Team

Do you know our Splunk app?

Download it now for free!

◂ VoltarVisão GeralPróximo ▸