A coalition of CVE Board members launched a new CVE Foundation "to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program."
![Press release from the CVE Foundation:
CVE Foundation Launched to Secure the Future of the CVE Program
[Bremerton, Washington] – The CVE Foundation has been formally established to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a critical pillar of the global cybersecurity infrastructure for 25 years.
Since its inception, the CVE Program has operated as a U.S. government-funded initiative, with oversight and management provided under contract. While this structure has supported the program’s growth, it has also raised longstanding concerns among members of the CVE Board about the sustainability and neutrality of a globally relied-upon resource being tied to a single government sponsor.
This concern has become urgent following an April 15, 2025 letter from MITRE notifying the CVE Board that the U.S. government does not intend to renew its contract for managing the program. While we had hoped this day would not come, we have been preparing for this possibility.](https://files.mastodon.social/media_attachments/files/114/346/658/060/079/375/original/c0ab3571edb6cda3.jpg)
A coalition of CVE Board members launched a new CVE Foundation "to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program."
If you have a fediverse account, you can quote this note from your own instance. Search https://mastodon.social/users/serghei/statuses/114346660986059236 on your instance and quote it. (Note that quoting is not supported in Mastodon.)