A coalition of longtime CVE Board members has announced the formation of a new non-profit organization the CVE Foundation. The foundation’s mission is to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program.
The announcement comes after MITRE Vice President Yosry Barsoum alerted CVE stakeholders that funding for both the CVE and Common Weakness Enumeration (CWE) programs is set to expire on April 16, 2025. In a letter to CVE Board members, Barsoum cautioned that this lapse in funding could trigger widespread disruption across national and international cybersecurity efforts.
“On Wednesday, April 16, 2025, the current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire,” Barsoum wrote. “If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure.”
CVE, which is maintained by MITRE and primarily funded by the US Department of Homeland Security’s National Cyber Security Division, plays a vital role in the cybersecurity landscape. The program standardizes the naming of publicly known cybersecurity vulnerabilities through CVE Identifiers (CVE IDs), allowing for universal reference across tools, vendors, advisories, and incident response operations. The identifiers are issued by a global network of CVE Numbering Authorities (CNAs), with MITRE acting as the CVE Editor and Primary CNA.
According to its founders, the newly launched CVE Foundation has been over a year in the making.
“The CVE Foundation has been formally established to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a critical pillar of the global cybersecurity infrastructure for 25 years,” the press release reads.
The Foundation said it will release more information about its structure, transition planning, and opportunities for involvement from the broader community over the coming days.
