The newly formed CVE Foundation has officially launched today to secure the future of the Common Vulnerabilities and Exposures (CVE) Program, a cornerstone of global cybersecurity infrastructure for the past quarter century.

Responding to an Urgent Transition Need

The establishment of this dedicated non-profit foundation comes at a critical moment for the vulnerability management ecosystem. On April 15, 2025, MITRE notified the CVE Board that the U.S. government does not intend to renew its contract for managing the program—creating an urgent need for a sustainable alternative.

“CVE, as a cornerstone of the global cybersecurity ecosystem, is too important to be vulnerable itself,” said Kent Landfield, an officer of the Foundation. “Cybersecurity professionals around the globe rely on CVE identifiers and data as part of their daily work—from security tools and advisories to threat intelligence and response. Without CVE, defenders are at a massive disadvantage against global cyber threats.”

Ensuring Independence and Global Trust

For 25 years, the CVE Program has operated as a U.S. government-funded initiative with oversight and management provided under contract. While this structure supported the program’s initial growth, it raised persistent concerns among CVE Board members about:

  • The long-term sustainability of the program
  • The potential conflicts of interest with a single government sponsor
  • The need for truly international governance reflecting the global nature of cybersecurity threats

A Proactive Response to a Longstanding Concern

Anticipating this potential transition, a coalition of longtime, active CVE Board members spent the past year developing a comprehensive strategy to transition CVE to a dedicated, independent foundation structure.

The new CVE Foundation will focus exclusively on:

  • Continuing the mission of delivering high-quality vulnerability identification
  • Maintaining the integrity and availability of CVE data for defenders worldwide
  • Eliminating single points of failure in the vulnerability management ecosystem
  • Establishing governance that reflects the global nature of today’s threat landscape

Next Steps for the Foundation

In the coming days, the Foundation will release additional information about its organizational structure, detailed transition planning, and opportunities for involvement from the broader cybersecurity community.

Organizations and individuals interested in supporting this critical transition are encouraged to contact the foundation directly at info@thecvefoundation.org.

Read press release by clicking here.

Share this post

Author

Editorial Team
Editorial Team
The Editorial Team at Security Land is comprised of experienced professionals dedicated to delivering insightful analysis, breaking news, and expert perspectives on the ever-evolving threat landscape

Comments