The CVE program for tracking security flaws is about to lose federal funding
1 min read
Summary
The US cyber vulnerability tracking system, which is used by major tech firms, is set to run out of funding and face cancellation in just over a month.
The Common Vulnerabilities and Exposures (CVE) program was established in 1999, and allows providers to assign IDs to known cyber vulnerabilities.
The ids are used by security experts to monitor and protect products, containing critical information relied upon by users and companies.
Lukasz Olejnik, a security and privacy researcher, has highlighted that without support for CVE, a cybersecurity breakdown is imminent, and vendors, analysts and defence systems will be thrown into disarray due to a lack of synchronicity on known vulnerabilities.
Tech giants like Microsoft, Google, Apple, Intel and AMD are now likely to lose access to a key resource in identifying and repairing vulnerabilities in their products and services unless new funding can be found urgently.