CVE Numbering System on the Brink of Collapse: DHS Ends MITRE Contract
The US Department of Homeland Security (DHS) has ended its 25-year contract with MITRE, leaving the CVE vulnerability numbering system on the brink of collapse. This will result in a massive backlog at the National Vulnerability Database (NVD), with over 30,000 vulnerabilities already awaiting processing and a further 80,000+ 'deferred' (meaning they won't be fully analyzed). This move will severely impact global vulnerability management, causing significant challenges for organizations relying on CVE/NVD information. National vulnerability databases, such as those in China and Russia, will also be affected. The reason for the contract termination remains unclear, but is likely linked to the Trump administration's cost-cutting measures.