Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal

The MITRE CVE Program's future sparked concerns, leading Tenable to compile an FAQ. CISA extended funding for the program for one year, ensuring critical CVE services continue. CVE Board members were notified of the potential expiration, which gained media attention. The CVE Program is crucial for identifying vulnerabilities and tracking affected products and remediation efforts. It also acts as a last resort CVE Naming Authority, preventing conflicting reports. CVE Naming Authorities (CNAs) enable various entities to assign CVEs with vulnerability information. Tenable is a CNA, issuing CVEs for its products and vulnerabilities discovered without a CNA. The CVE Foundation is transitioning the program to a non-profit, while GCVE offers a decentralized alternative. Tenable has reserved CVEs and relies on vendor advisories, not solely on MITRE or NVD.