The Cybersecurity and Infrastructure Security Agency has published its plan to enhance its Common Vulnerabilities and Exposures, or CVE, program, which identifies and disseminates information about cyberthreats. The agency said Wednesday that the CISA Strategic Focus: CVE Quality for a Cyber Secure Future serves as a roadmap and details priorities to ensure that the program meets the needs of the global cybersecurity community.
The document was developed using feedback from domestic and international partners. According to the agency, it marks the transition of the CVE program from its ‘growth era’ to its ‘quality era.’
“With this strategic vision, CISA is reaffirming our leadership role and seizing the opportunity to modernize the CVE Program, solidifying it as the cornerstone of global cybersecurity defense,” commented Nick Andersen, executive assistant director for cybersecurity at CISA. “In collaboration with the global cybersecurity community, CISA is committed to delivering a well-governed, trusted and responsive CVE Program aimed to enhance the quality of vulnerability data and global cybersecurity resilience.”
Learn more about emerging security threats to the nation at the Potomac Officers Club’s 2025 Homeland Security Summit on Nov. 12. The in-person networking event will cover U.S. homeland security programs, efforts and strategic initiatives and the implementation of artificial intelligence and other advanced technologies. Grab your tickets before it is too late!
CISA Shares Vision for CVE Program
According to the document, CISA plans to modernize the CVE infrastructure through the adoption of advanced technologies. The agency intends to implement automation and other capabilities to enhance its CVE Numbering authorities, or CNAs, and expand application programming interface support.
CISA is also aiming to develop minimum standards for CVE record quality and federated mechanisms to ensure that all CNAs that publish a CVE record contain common vulnerability scoring system and common weakness enumeration data. The move is expected to improve data quality to support the future rollout of automation, machine learning and artificial intelligence.
In addition, the agency said it wants to form deeper partnerships through ensuring that international organizations, academia, vulnerability tool providers, data consumers, security researchers, operational technology companies and the open-source community are better represented in the program.
Related Articles
Data silos, misinformation and adversarial AI are among the greatest threats to federal agencies’ ability to achieve information superiority, said Rob Linger, vice president of Leidos’ information advantage practice, in a new video interview with Executive Mosaic. Linger, who has served in the Marine Corps and held leadership roles across technology and public service, said these barriers can only be overcome through strong data stewardship and a clear mission focus. “We have to work through data silos. Every agency has been collecting data for a very long time, but there are organizational challenges to sharing it,” Linger said. “The only
The Office of Management and Budget’s Cost Accounting Standards, or CAS, Board has published two proposed rules that aim to streamline accounting requirements for federal contractors by eliminating over 60 requirements. “Holding contractors responsible for properly and transparently accounting for their costs is good stewardship, but forcing contractors to maintain overlapping books and records is wasteful and creates barriers that discourage talented companies from working with the Government to meet the needs of our taxpayers,” Kevin Rhodes, senior adviser to OMB Director Russell Vought, said in a statement published Wednesday. Relying on Generally Accepted Accounting Principles Under the rules proposed
DVIDSHub reported that the Naval Information Warfare Center, or NIWC, Pacific and Navy Cyber Defense Operations Command, or NCDOC, started a threat assessment of a 5G tactical training network on Sept. 3 at Naval Base Point Loma in San Diego as part of Operation Shoehorn. Operation Shoehorn Operation Shoehorn is a comprehensive effort that seeks to develop and test a secure 5G tactical network for the fleet. “5G, to this point, has not been useable because it’s proprietary, meaning we don’t have the visibility needed to detect cyber threats,” said Mike Anderson, NIWC Pacific Joint Tactical Communications branch head. “By using open-source