Security updates
      Back to home
      1. Knowledge base
      2. Security updates

      Update on MITRE CVE program funding

      Update 2024-04-16: CISA extends MITRE CVE contract

      The US Cybersecurity and Infrastructure Security Agency (CISA) will continue to fund the MITRE CVE Programme for 11 months:
      https://www.computerweekly.com/news/366622896/CISA-extends-MITRE-CVE-contract-at-last-moment

      As of April 16, 2025, the U.S. government has officially ceased funding MITRE’s role in managing the Common Vulnerabilities and Exposures (CVE) program. This marks a significant moment in the vulnerability management ecosystem and has naturally raised questions throughout the industry. 

      While the situation is evolving, we want to reassure our customers that we were prepared for this. The situation in the U.S. has been shaky for some time, and we've taken proactive steps to minimize any potential impact. 

      Holm Security's response

      As a European vendor, we have alternatives in place that allow us to continue delivering timely and accurate vulnerability intelligence - regardless of what happens with MITRE or the National Vulnerability Database (NVD). 

      We actively monitor developments and remain in close contact with relevant stakeholders to stay ahead of changes. Our commitment to providing reliable vulnerability management services remains unchanged. 

      Still have questions?
      If you have any questions or concerns, don't hesitate to reach out. Contact details are found here.

      More information

      Read more about this at SecurityWeek (external link):
      https://www.securityweek.com/mitre-signals-potential-cve-program-deterioration-as-us-gov-funding-expires/