Vulnerability Management, Government Regulations

GAO study on federal vulnerability tracking efforts urged

CyberScoop reports that House Homeland Security Committee ranking member Rep. Bennie Thompson, D-Miss., and House Science and Technology Committee ranking member Rep. Zoe Lofgren, D-Calif., have called on the Government Accountability Office to evaluate the Cybersecurity and Infrastructure Security Agency-funded Common Vulnerabilities and Exposures program and the National Institute of Standards and Technology's National Vulnerability Database following recent issues.

"Both the CVE program and the NVD program have faced significant challenges in recent years. In early 2024, funding challenges at NIST resulted in a backlog of thousands of vulnerabilities in the NVD, a backlog that persists to this day. Further, a recent near-lapse of CISA's contract supporting the CVE program brought to light the security community's reliance on this program and the need to ensure its continuity," said the lawmakers, who also urged the GAO to examine the extent of support provided by the Department of Homeland Security and NIST to the programs. The request comes after the Commerce Department's Office of the Inspector General announced an audit of the NVD program amid continuous backlogs.
