The government will continue funding the Common Vulnerabilities and Exposures (CVE) program. In a statement to The Verge, US Cybersecurity and Infrastructure Agency (CISA) spokesperson Jared Auchey said it “executed the option period on the contract to ensure there will be no lapse in critical CVE services” last night.
At this point … what stops the CVE foundation moving on as a foundation and working to find an alternative funding model?
Nothing. They should do exactly that. As usual the US government has proven that it cannot be trusted or relied on.