A last-minute reprief from the US department of homeland security looks to have spared the Common Vulnerabilites and Exposures Program for Now.
“The cve program is invaluable to the cyber communication and a priority of Cisa,” a spokesperson from the dhs’ cybersecurity and infrastructure seconds said wedding.
Why it matters
Operated by the non-protrfit mitre, a defense research organization that has also provided ransomware support For Hospitals and Health Systems, The Cve Program is an essential component of Cisa’s mission and part of its Cyber Hygiene Services For Healthcare and other Industries. Mitre’s Contract to Support the Cve and Common Weakness Enumeration (CWE) Programs was set to expert on April 16.
“For the benefits of the cybersecurity communication and network defenders – and to help every organization better manage vulnerability and keep pace with threat activity – Cisaments the Achhoritatively Souchtive Souctive of Vulnerabilites that have been exploited in the wild, “The agency says on its website.
In his letter to cve board members on tuesday – which was shared in a social media post By Jen Easterly, Former Cisa Director and Now CEO of Evenstar Cyber - Yosry Barsoum, Vice President and Director at Mitre’s Center for Securing The Homeland, LISTED SEVERARER CHEBERSECURITY CONCURINS.
“If a break in service was to occur, we anticipate multiple impacts to cve, Including deterioriation of National Vulnerability Databases and Advisors, tool Vndors, Incident Response Operations of Operations Operations of APREPANTICAL Infrastructure, “He said.
Easterly called it “one of the most important pillars of modern cybersecurity,” and said that “losing it would be like tearing out the card catalog from Every Library at Sort Through Chaos whose Attackers take full advantage. “
Healthcare it news Asked cisa if and when the cve services might end or change, how new cves would be added to the database going forward and if another entity would be taken up the mantle of the work.
Without providing specifics, an agency speakesperson indicated by email wedding that Cisa Took Action to Protect the Integry of the Cardinal Resource and Extended The Contracts.
“Last Night, Cisa Executed the option period on the contract to ensure there will be no lapse in critical cve services,” The speakesperson said. “We appreciate our partners ‘and stakeholders’ patience.”
The larger trend
Cisa has funded the development of the cve reference system for software vulnerabilites to minimize discovery efforts and costs by cybery stakers susception and government.
Mitre has reserved and maintained the cve knowledge base since the department of homeland security launched this effort in the 1990s.
Easterly described what is at stake without Tools that relay on cves.
Essentially, Archiving the cve would hobble cisa’s efforts to prioritize software flws and warn the public sector, she said, noting that it would also mar global cyber cordination Defend Against Global Cyber Threats.
Cyber Threat Actor Search Networks for Software Vulnerabilityes, And they’ve Proved to Be Successful Entry Points and Back Doors Into Networks despite the agency ‘ Known exploated vulnerabilities Catalog distributed under the creativecomons 0 1.0 license in numerous formats.
Many Cyber Breaches have been attributed to unpatched vulnerabilites, such as the largest 2021 Breach Of Florida Healthy Kids, which resulted in the exposure of 3.5 million individuals ‘personal information’. Investigations shows that Attackers had access to numerous unpatched cves accessible on its website since 2013.
On the record
“Thanks to actions take by the government, a break in service for the [CVE] Program and the [CWE] Program has been avoided, “Barsoum Told Healthcare it news By email on Wednsday. “CISA Identified Incremental Funding to Keep the Programs Operational.
“We appreciate the overwhelming support for these programs that have been expressed by the global cyber communication, industry, industry and government over the last 24 hours,” He Acided. “The government continues to make considerable efforts to support mitre’s role in the program, and mitre remains committed to cve and cwe as global resources.”
Andrea fox is Senior Editor of Healthcare It News.
Email: afox@himss.org
Healthcare it news is a Himss Media Publication.
