CVE Program almost expired; MITRE's contract ended | Michael A. Echols MBA CISSP posted on the topic

7mo

The CVE Program — as we know it — just almost expired. MITRE’s contract to run the Common Vulnerabilities and Exposures (CVE) Program was to end April 16, 2025. That’s the system we all rely on to coordinate software vulnerability disclosures. No #CVE means no standardized alerts, no shared language for tracking threats, and a whole lot of chaos for defenders. Over 2,800 CVEs are issued monthly. Without continuity, threat actors get a head start — and defenders are stuck making up names like “That-One-Unpatched-Thing-In-The-Corner.” #CVE #Cybersecurity #OTSecurity #MITRE #CISA #MaxAI #CyberIn60Seconds #Resilience #mikeechols Leslie EcholsChuck Brooks Chloe Burke Les McCollum II, MPS-CRM Calvin Nobles, Ph.D.Danyetta Fleming Magana, CISSP, F. ISRM Laszlo Gonc, CISSP, QTE Sean C. Robert CraneLester Lewis, MBA#CISAntonio "T" Scurlock Roy White, MBA, PMP Howard Tsai Tamika McCree ElhilaliJeffrey M. Vinson, Sr CISSP, CCISO, CIPP, NSA IAM-IEMGuy Walton Gotham Artists Matthew Dimmick Tim Coogan John B Moore Deborah Page Adam Mohamed#aws #informationsharing #mikeechols

3 Comments

Transcript

Welcome to CybersecurityIn60Seconds where our goal is to quickly connect you to your cyber security world up Mike Echols - While the US government funding for Mitre��s Common Vulnerability and Exposure CVE program was set to expire on April 16th at the Department of Homeland Security did not renew its funding contract. We hear this has been rectified. However, last day heroic signifies this issue. We have a national level issue with building a sustainable cyber program. The CVE program, which served as the crux for most cybersecurity defense programs, track software vulnerabilities for the entire planet over 28. Your new CVE or assigned every month? Let me breakdown the issue with program shutdown. No more official CVE numbers, no more global reference number language for vulnerabilities. Just chaos spreadsheets and blog posts. The CVE program is the Rosetta Stone of cyber threat coordination, and letting it get close to the chopping board makes it the equivalent of chopped liver, even though it is where cyber defense bread is buttered. Yes, Miter said they were committed to keeping it going, but without funding. It's like promising to keep the power on without a generator. Without the CVE program thread, actors get a head start and defenders, they're stuck naming threats like Hurricane Seasons. We'll call this one CVE Chaos 2025. If we can't sustain foundational cyber systems, how are we supposed to defend critical infrastructure or enable AI driven defense? This isn't just a gap, it's a global weakness in the cyber vulnerability system. Stay strong cyber warriors. This is Mike Echols and I will talk to you soon.

Guy Walton

7mo

"CVE-global chaos" just a perfect coin phrase. Great post!

Ziz Abdur-Ra'oof,

7mo

Mykolas Rambus - Given you both operate in the field of cybersecurity - meet Mike who is a college teammate from the good ole days.

1 Reaction

See more comments

To view or add a comment, sign in

More Relevant Posts

Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE
1mo
Report this post
Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette highlights a surge in sophisticated cyberattacks, with information stealers, Trojans, and ransomware topping the threat charts. Attackers are shifting tactics, focusing on stealth, data exfiltration, and multi-extortion methods. Legacy systems, delayed patching, and increased use of Ransomware-as-a-Service (RaaS) are fueling the rise in threats, making proactive defense and threat intelligence more critical than ever. Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations
Like Comment
To view or add a comment, sign in
Datel Group Ltd

1,957 followers
1mo Edited
Report this post
𝗥𝗮𝗶𝘀𝗶𝗻𝗴 𝘁𝗵𝗲 𝗕𝗮𝗿 𝗶𝗻 𝗖𝘆𝗯𝗲𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 🔒 At Datel, we take cyber security seriously. Building on our Cyber Essentials Plus and ISO 27001 certifications, we’ve now extended into the new 𝗗𝗲𝗳𝗲𝗻𝗰𝗲 𝗖𝘆𝗯𝗲𝗿 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 (𝗗𝗖𝗖) 𝘀𝗰𝗵𝗲𝗺𝗲 — securing our first DCC accreditation. This milestone reinforces our ongoing commitment to safeguarding data and supporting customers operating in highly regulated and security-focused sectors.🛡️ #cybersecurity #defencecybercertification #DCC
3 Comments
Like Comment
To view or add a comment, sign in
Samir Elabed
1mo
Report this post
❌ Pentest is dead. A pentest is just a snapshot. It depends on the team you get, how deep they go, and whether they focus on the right things. By the time the report lands, your environment has already changed. Attackers don’t wait. Neither should defense. The future of security is continuous: • 🌐 ASM → always knowing what’s exposed • ⚡ BAS → validating controls every day • 🎯 CTEM → focusing on what matters most, right now • 🕵️ Bug Bounty / VDP → human creativity at scale This isn’t about ticking boxes anymore. It’s about keeping pace with reality. #CyberSecurity #CTEM #ASM #BAS #BugBounty

2 Comments
Like Comment
To view or add a comment, sign in
Himesh Gautam
1mo
Report this post
🔐 Cybersecurity isn’t just about protecting data - it’s about protecting trust. In the last few months, I’ve seen a clear shift: more CXOs are proactively asking, 1). Do we truly understand where our biggest vulnerabilities lie? 2). How resilient is our incident response plan in real-world scenarios? 3). Are our security controls aligned with evolving compliance standards? These are the conversations that matter. At Invesics Cyber Forensics , we help organizations transform these questions into a strategic security roadmap - not just a checklist. #Cybersecurity #Trust #CXO #Invesics #Strategy #Compliance #SecurityCulture
Like Comment
To view or add a comment, sign in
Erin Martin
1mo
Report this post
Security teams require guidance rather than excess data. Continuous Threat Exposure Management (#CTEM) integrates disjointed security tasks, converting isolated discoveries into prioritized and actionable insights. In this Brick House session, our GuidePoint Security specialists will explore how CTEM can reshape conventional #VulnerabilityManagement into a more cooperative and risk-centric approach. View it now on demand: https://okt.to/BjcHQC #Cybersecurity #SecurityStrategy #CTEM #VulnerabilityManagement
Like Comment
To view or add a comment, sign in
Cybershore

1,483 followers
1mo
Report this post
Most cyber assessments take weeks and drain resources. Our CyberRiskCheck takes only a few hours and gives you a clear picture of where you stand. Here is how it works: 1️⃣ We review 29 requirements across six key domains defined by the DIN SPEC 27076 Standard and CERT NZ's Critical Controls. 2️⃣ You receive a concise report showing your current maturity and your most critical gaps. 3️⃣ We discuss the findings and outline practical next steps. Small effort. Big insight. Perfect for businesses that need a baseline before investing further in security. #CyberSecurity #RiskAssessment #CyberRiskCheck #SMB #DIN27076 #InformationSecurity #Cybershore
Like Comment
To view or add a comment, sign in
Encryption Consulting LLC

4,410 followers
1mo
Report this post
The expiration of CISA 2015 during the ongoing government shutdown has left our cyber defenses without a critical legal framework for sharing threat intelligence. With MITRE’s CVE program struggling from funding uncertainty, the global process for identifying and labeling vulnerabilities is under threat. This is a breach in our collective security fabric. Adversaries will exploit every window we leave open. We must urgently reauthorize CISA 2015 and build resilient, automated systems that survive political deadlock. #CISA2015 #Encryption #CyberAttacks #CyberSecurity #EncryptionConsulting
Like Comment
To view or add a comment, sign in
XONA

4,851 followers
1mo
Report this post
🔒 Strengthening transparency in cybersecurity. We’re proud to announce that Xona has been authorized as a CVE Numbering Authority (CNA) by the CVE Program, under CISA and MITRE. As a CNA, Xona can now: ✅ Assign CVE IDs to vulnerabilities in our products ✅ Publish standardized CVE Records for faster response ✅ Provide customers with clear disclosure timelines and guidance ✅ Collaborate globally to strengthen resilience This milestone reinforces our secure-by-design approach and our commitment to the communities protecting the world’s most critical infrastructure. 📢 Read the full announcement: https://hubs.ly/Q03MDZ7f0 Raed Albuliwi #Cybersecurity #CriticalInfrastructure #VulnerabilityManagement #CVE #SecureAccess #RemoteAccess #OT #OTSecurity #ZeroTrust #ICS #InfrastructureSecurity #Resilience
Like Comment
To view or add a comment, sign in
THREATINT

57 followers
2mo
Report this post
CISA Known Exploited Vulnerability: CVE-2025-59689: Libraesva Email Security Gateway Command Injection Vulnerability Libraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment. https://lnkd.in/eyR437Rw #Cyber #Security #CyberSecurity #SoftwareSecurity #Vulnerability #CISA #CVE #KEV #CyberAwareness #InfoSec #CyberThreats #CyberResilience
Like Comment
To view or add a comment, sign in
THREATINT

57 followers
1mo
Report this post
CISA Known Exploited Vulnerability: CVE-2025-59689: Libraesva Email Security Gateway Command Injection Vulnerability Libraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment. https://lnkd.in/eyR437Rw #Cyber #Security #CyberSecurity #SoftwareSecurity #Vulnerability #CISA #CVE #KEV #CyberAwareness #InfoSec #CyberThreats #CyberResilience
Like Comment
To view or add a comment, sign in

12,282 followers

View Profile Follow

More from this author

Owning Innovation: Why Intellectual Property Can Be Your New Economic Engine

How Smart Companies Evaluate New Technology and Strategic Risk

Why A/B Multivariate Testing Is at the Heart of Customer Retention Platforms in 2025

Explore content categories