CISA in the end stepped in on the final minute, issuing an emergency 11-month contract extension that stored the system operating however left the worldwide security group bracing for one more funding cliff this spring.
Almost a yr later, that stopgap has been changed by what sources describe as a extra sturdy association. The CVE board was knowledgeable throughout its Jan. 21, 2026, assembly that there could be “no funding cliff in March” and that “ongoing operations and planning prolong effectively past that timeframe,” based on assembly minutes later made public.
In an announcement, Nick Andersen, performing director of CISA, instructed CSO, “Below CISA’s management and sponsorship, the CVE program is absolutely funded and has regularly advanced and modernized to help the worldwide vulnerability ecosystem.” Jordan Graham, a spokesperson for MITRE, stated in an announcement that “MITRE, in help of CISA, is dedicated to CVE as a essential international useful resource.”
