The funding crisis that nearly shut down the global vulnerability tracking system last year has quietly been resolved, easing fears of another abrupt disruption to a cornerstone of the cybersecurity ecosystem.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

The funding crisis that nearly shut down the CVE program in 2025 has been resolved. CISA and MITRE renegotiated their contract, reportedly moving CVE from discretionary to protected budget status, eliminating the funding cliff that had alarmed the global security community. The CVE board was informed in January 2026 that operations are funded well beyond March. However, the contract remains opaque — even to board members — raising transparency and governance concerns. Meanwhile, the near-collapse spurred global contingency efforts, including the EU launching its own vulnerability database via ENISA, and private firms reserving CVE identifier blocks. Structural questions about long-term governance, international independence, and program modernization remain open.

CVE program funding secured, easing fears of repeat crisis