Steve Springett, OWASP Board member

“In response to increasing concerns over the effectiveness of the CVE Program and the sustainability of the U.S. government’s role in managing the world’s largest vulnerability database, cybersecurity leaders and international stakeholders are coming together to explore a federated model for vulnerability identification. The initiative seeks to address modern security challenges—such as the shift toward hyper-automation, the dominance of open-source software, and emerging needs in cryptography, artificial intelligence, and other specialized domains—by fostering global collaboration and innovation.

The cybersecurity community faces a pivotal moment. Recent reductions in funding for MITRE’s support of the CVE program have sparked widespread concern that the world’s largest vulnerability database can no longer keep pace with the demands of a rapidly evolving global threat landscape. Originally designed for a time when most software was commercial and automation was in its infancy, the CVE program and the National Vulnerability Database (NVD) struggle to meet the needs of an ecosystem increasingly dominated by open-source software. In fact, by some estimates, over 90% of all modern applications rely on open-source components, and yet the CVE program often fails to capture these vulnerabilities quickly or effectively.”

Read more on the OWASP Blog (April 17, 2025)
