Federal funding has been restored for a crucial cybersecurity program used by Apple and other tech giants, in a last-minute U-turn.Security experts had described the original decision to remove funding as stupid, dangerous, and chaotic.However, the future of the Common Vulnerabilities and Exposures (CVE) program remains uncertain, despite its role in helping tech giants identify and fix security holes found in their products … The CVE security program We yesterday summarised the role of the CVE program in providing an easy and efficient way for any individual or organization to report a security vulnerability they have found in any tech product.
Once reported, it is assigned a unique ID comprising CVE- followed by the year and a serial number.This allows others to see that the issue has been reported, and to carry out their own investigations to assist the tech company concerned in determining the severity of the problem.Where a vulnerability requires multiple tech companies to act, the CVE system helps them to coordinate their efforts.
Apple, Google, and Microsoft are among the many companies to rely on the system.While the program falls under the auspices of the US Department of Homeland Security, its work is subcontracted to a private company, The MITRE Corporation.Three developments in 24 hours Things began when MITRE announced that federal funding had been removed, with just one day’s notice.
Security professionals quickly expressed incredulity and dismay at the decision.A short time later, a CVE board member said that they had been quietly working on a contingency plan for this eventuality, and announced that a CVE Foundation was being created.No information was provided on how this would be funded, though we speculated that Apple and other tech giants would likely contribute to it.
In the most recent development, reported a U-turn by the government, stating that funding would continue.The MITRE VP with responsibility for the program expressed appreciation to the security community.Uncertainty remains While the immediate pressure is off, the long-term future of the program remains unclear.
There has been no indication whether the U-turn is temporary or permanent, and it’s uncertain whether the CVE board will pursue plans for an independent non-profit foundation to try to take over funding.Highlighted accessories Anker 511 Nano Pro ultra-compact iPhone charger MagSafe Car Mount for iPhone Apple MagSafe Charger with 25w power for iPhone 16 models Apple 30W charger for above Anker 240W braided USB-C to USB-C cable You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day.Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop.
Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel
