The good news is CISA will probably keep paying for the CVE Program contract this year. That’s also the bad news.

Jan 04, 2026

∙ Paid

I’ve been saying for a while that I don’t think that CISA (the Cybersecurity and Infrastructure Security Agency, part of DHS) would continue to fund MITRE’s contract to run the CVE Program when it co…

Keep reading with a 7-day free trial

Subscribe to Tom Alrich's Blog, too to keep reading this post and get 7 days of free access to the full post archives.