The House Energy and Commerce Committee has called on the Department of Homeland Security and Mitre to conduct biennial reviews to ensure the stability and effectiveness of a program that aims to facilitate the identification of cybersecurity vulnerabilities and sharing of such data among organizations.
The House panel said Monday DHS should provide a stable funding stream for the Common Vulnerabilities and Exposures program by transitioning from a contract-based funding framework to a “dedicated program, project or activity line item” in its annual budget requests.
The committee made the recommendations after it assessed issues facing the CVE program based on the evaluation of documents requested from DHS and Mitre, according to letters addressed to Mitre and the department.
Those sets of documents include contracts linked to the CVE program; timelines of measures carried out by DHS and Mitre to oversee the CVE contract from Jan. 1, 2011 to March 31, 2017; and copies of analyses carried out related to the initiative.
The panel has asked Mitre and DHS to conduct a briefing about the recommendations stated in the letters by Sept. 10.