Nexus -
info_outline
Stay signed in to save your points and redeem your rewards at Nexus

Your Rewards are Waiting!

Stay signed in to save the points you've earned. Click on the points to redeem your rewards at Nexus before they expire.

Login In Now
Technology

In last-minute reversal, US agency extends support for cyber vulnerability database

By Raphael Satter
FILE PHOTO: A man takes part in a hacking contest during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus/File Photo

WASHINGTON (Reuters) -U.S. officials will extend support for 11 months for a database of cyber weaknesses that plays a critical role in fighting bugs and hacks, a spokesperson said on Wednesday, just as the funding was due to run out.

The expected cut-off of payments for the non-profit MITRE Corp's Common Vulnerabilities and Exposures database had spread alarm across the cybersecurity community.

The U.S.-backed database acts as a catalog for cyber weaknesses and allows IT administrators to quickly flag and triage the different bugs and hacks discovered daily.

The last-minute change of plan after the importance of the service was highlighted publicly is another instance of the confusion across government as U.S. President Donald Trump's administration makes deep cuts to public spending.

Yosry Barsoum, vice president and director at the Center for Securing the Homeland at MITRE, said in a statement that a break in service for the Common Vulnerabilities and Exposures Program and the Common Weakness Enumeration Program had been avoided.

"We appreciate the overwhelming support for these programs that have been expressed by the global cyber community, industry, and government over the last 24 hours," Barsoum said.

The Cybersecurity and Infrastructure Security Agency said in an email the CVE program was invaluable and that it had executed an "option period on the contractto ensure there will be no lapse in critical CVE services."

A spokesperson for the agency told Reuters in an email the funding would continue for another 11 months.

The government's last-minute change drew "a sigh of relief," said John Hammond, a researcher with the managed security company Huntress who was among the many who opposed the move to stop funding.

"I'm glad someone or something heard the voice of the community loud and clear," Hammond said.

The uncertainty has already prompted some members of the cybersecurity community to invest in alternatives.

On Wednesday, a group calling itself the CVE Foundation unveiled a website that marketed itself as a bid to "ensure the long-term viability, stability, and independence" of the system. A message seeking comment from the organization did not immediately receive a response.

(Reporting by Raphael Satter; Editing by Mark Porter, Barbara Lewis and Deepa Babington)

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Tech News
Telecom Italia concludes savings share conversion ahead of Poste's bid
Anthropic in talks to use Microsoft's AI chips, The Information reports
Spotify strikes deal with Universal Music to let premium users create AI covers, remixes
Crypto brokerage Blockchain.com confidentially files for IPO
Exclusive-Sports streaming platform DAZN weighs tie-up with DirecTV Latin America, sources say
Anthropic to open Milan office, expanding push into Europe
Exclusive-Grok falls flat in Washington, undercutting SpaceX's AI growth story
Analysis-Samsung's deal with union hailed as a victory as bonuses less generous than SK Hynix's
US to award $2 billion to quantum computing firms, take equity stakes, WSJ reports
Google, Meta, TikTok hit by EU consumer complaints about handling of financial scams

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.