“First, the federated model and CVE Numbering Authorities (CNA) cannot assign IDs and send data to MITRE for fast publication. Second, all of that is the basis for the National Vulnerability Database (NVD), which is already past struggling, with a backlog of over 30,000 vulnerabilities and the latest announcement of over 80,000 ‘deferred’ (which means they are not going to be fully analyzed by their present requirements).”
Martin added, “Third, every firm that maintains ‘their very own vulnerability database’ that’s basically lipstick on the CVE pig must find alternate sources of intelligence. Fourth, national vulnerability databases like China’s and Russia’s, among others, will largely dry up (Russia more than China). Fourth [sic], lots of, if not hundreds, of National / Regional CERTs around the globe no longer have that source of free vulnerability intelligence. Fifth [sic], every firm in the world that relied on CVE/NVD for vulnerability intelligence is going to experience swift and sharp pains to their vulnerability management program.”
Why is the contract ending?
It’s unclear what led to DHS’s decision to end the contract after 25 years of funding the highly regarded program. The Trump administration, primarily through Elon Musk’s Department of Government Efficiency initiative, has been slashing government spending across the board, particularly at the Cybersecurity and Infrastructure Security Agency (CISA), through which DHS funds the MITRE CVE program.