EU to Support CVE Program Amid Contracting Concerns
Severity: Low (Score: 34.0)
Sources: Thecyberexpress, Nextgov, Fcw
Summary
The European Union has announced plans to assist in modernizing the Common Vulnerabilities and Exposures (CVE) Program, a critical system for tracking cybersecurity vulnerabilities. This initiative follows a contracting issue last year when MITRE indicated a potential end to federal funding for the program, which is essential for hundreds of thousands of cybersecurity professionals globally. Hans de Vries from ENISA emphasized the need to strengthen the CVE process to ensure its stability beyond a single contract. The CVE system, established in 1999, assigns unique identifiers to publicly known vulnerabilities, facilitating communication among security researchers and vendors.

In response to the contracting scare, EU member states have tasked ENISA with exploring ways to enhance the CVE framework. Concurrently, U.S. Congressional staffers are drafting legislation to formalize the CVE program's oversight by the Cybersecurity and Infrastructure Security Agency (CISA). This legislative effort aims to ensure the program's resilience against political fluctuations. Experts warn that if the CVE program is perceived as politicized, it could lead to fragmentation and the emergence of competing systems.

Key Points:
• The EU plans to modernize the CVE Program after a funding scare last year.
• CVE provides a standardized method for cataloging cybersecurity vulnerabilities.
• Legislation is being drafted in the U.S. to formalize CISA's oversight of the CVE program.
Key Entities
- United States (country)