The Cybersecurity and Infrastructure Security Agency has unveiled a new document detailing its support and future plans for the Common Vulnerabilities and Exposures program, months after it decided to extend its funding for 11 months, according to Infosecurity Magazine.More diverse funding mechanisms are being evaluated for the CVE program, which should continue to be publicly maintained and vendor-neutral, said CISA, which has sought increased multi-sector collaboration in ensuring the quality of the program.CISA is also looking to modernize the CVE program by focusing on accelerated automation, enhancing CNA services, adopting minimum CVE record quality standards, and strengthening transparency, visibility, and data enrichment, as well as integrating community feedback into the decision-making process, the document showed.Such a development has been praised by VulnCheck vulnerability researcher Patrick Garrity."It's a starting point and highlights the need for reform across the program. There is a lot of opportunity for improvement that has largely gone neglected," Garrity noted.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds