The fastest way to get CISM Certified. Join our bootcamp
Unfortunately for the infosec community, it looks like MITRE’s Common Vulnerabilities and Exposures (CVE) program is coming to a close because its funding contract hasn’t been renewed.
This is a huge deal, because MITRE’s 25-year-old CVE program has been a fundamental pillar of cybersecurity. The CVE program identifies, defines and catalogs cybersecurity vulnerabilities. When someone discovers a new vulnerability, the first step is to determine if it is truly new, or if it has already been catalogued. If it is truly a new vulnerability, the next step is to fill out a form to submit the discovery to the CVE catalog. When it is confirmed to be a legitimate new vulnerability, it will be issued a number like CVE-2024-5910. The CVE system helps to ensure that each vulnerability is only documented once. It provides a vital resource for cyber threat intelligence and vulnerability management.
If we lose the CVE program, we will be losing a vital resource for keeping track of vulnerabilities. Without it, how will we know whether others are experiencing the same vulnerabilities that we are? Where will we turn to for solutions? Unless other players step in to either provide funding or set up another entity, the cybersecurity community will be hit significantly by this loss.
A Cybersecurity and Infrastructure Security Agency (CISA) spokesperson discussed the matter with CSO Online, “CISA is the primary sponsor for the Common Vulnerabilities and Exposure (CVE) program, which is used by government and industry alike to disclose, catalog, and share information on technology vulnerabilities that can put the nation’s critical infrastructure at risk. Although CISA’s contract with the MITRE Corporation will lapse after April 16, we are urgently working to mitigate impact and to maintain CVE services on which global stakeholders rely.”
It’s hard to tell what will happen at this stage, but it’s likely that the CVE database will stop being updated. However, the historical records should still be available. While this may provide some solace, knowledge of the latest vulnerabilities is critical to the cybersecurity ecosystem. Without them, it’s going to be challenging to manage the newest dangers in our software.
Prepare to Pass: Get the Right CISSP
Practice Questions
A Different Approach to Practice Question. While most CISSP practice materials focus on knowledge testing, our approach is fundamentally different. Here at Destination Certification, we've developed a practice question app specifically designed to bridge the gap between basic recall and the advanced thinking required on the actual exam.
5 Mistakes to Avoid so you easily pass the CISM exam!
Struggling with CISM Exam Prep? Download our FREE Guide. Don't let common pitfalls derail your success. Learn the top 5 mistakes CISM candidates make and how to avoid them. Get expert tips and pass with confidence!
