The government will continue funding the Common Vulnerabilities and Exposures (CVE) program. In a statement to The Verge, US Cybersecurity and Infrastructure Agency (CISA) spokesperson Jared Auchey said it “executed the option period on the contract to ensure there will be no lapse in critical CVE services” last night.
At this point … what stops the CVE foundation moving on as a foundation and working to find an alternative funding model?