Experimental News Clipping Site

Tag: CVE

  • The Register: CVE fallout: The splintering of the standard vulnerability tracking system has begun

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/04/18/splintering_cve_bug_tracking/ Source: The Register Title: CVE fallout: The splintering of the standard vulnerability tracking system has begun Feedly Summary: MITRE, EUVD, GCVE … WTF? Comment The splintering of the global system for identifying and tracking security bugs in technology products has begun.… AI Summary and Description: Yes Summary: The text discusses the fragmentation…

  • Microsoft Security Blog: Microsoft’s Secure by Design journey: One year of success

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/04/17/microsofts-secure-by-design-journey-one-year-of-success/ Source: Microsoft Security Blog Title: Microsoft’s Secure by Design journey: One year of success Feedly Summary: Read about the initiatives Microsoft has undertaken over the past 18 months to support secure by design, secure by default, and secure in operations objectives as part of our SFI Initiative. The post Microsoft’s Secure by…

  • Wired: ‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program

    by

    Kurt Seifried
    in

    Source URL: https://www.wired.com/story/cve-program-cisa-funding-chaos/ Source: Wired Title: ‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program Feedly Summary: The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it. AI Summary and Description: Yes Summary: The…

  • The Register: CVE program gets last-minute funding from CISA – and maybe a new home

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/04/16/cve_program_funding_save/ Source: The Register Title: CVE program gets last-minute funding from CISA – and maybe a new home Feedly Summary: Feds extend vulnerability nerve-center contract at 11th hour In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) Program.… AI Summary and…

  • Schneier on Security: CVE Program Almost Unfunded

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/04/cve-program-almost-unfunded.html Source: Schneier on Security Title: CVE Program Almost Unfunded Feedly Summary: Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This…

  • Slashdot: CISA Extends Funding To Ensure ‘No Lapse in Critical CVE Services’

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/04/16/1441255/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: CISA Extends Funding To Ensure ‘No Lapse in Critical CVE Services’ Feedly Summary: AI Summary and Description: Yes Summary: The extension of funding for the Common Vulnerabilities and Exposures (CVE) program by CISA is crucial in maintaining continuity in cybersecurity operations. The importance of the CVE program is underscored…

  • Cisco Talos Blog: Eclipse and STMicroelectronics vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/eclipse-and-stmicroelectronics-vulnerabilities/ Source: Cisco Talos Blog Title: Eclipse and STMicroelectronics vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in STMicroelectronics.   The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure…

  • Slashdot: Cybersecurity World On Edge As CVE Program Prepares To Go Dark

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/04/16/0050230/cybersecurity-world-on-edge-as-cve-program-prepares-to-go-dark?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Cybersecurity World On Edge As CVE Program Prepares To Go Dark Feedly Summary: AI Summary and Description: Yes Summary: The potential expiration of MITRE’s DHS contract on April 16, 2025, threatens the continuity of the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs, which are crucial…

  • Krebs on Security: Funding Expires for Key Cyber Vulnerability Database

    by

    Kurt Seifried
    in

    Source URL: https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/ Source: Krebs on Security Title: Funding Expires for Key Cyber Vulnerability Database Feedly Summary: A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that…

  • Anchore: The NVD Enrichment Crisis: One Year Later—How Anchore is Filling the Vulnerability Data Gap

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/blog/nvd-crisis-one-year-later/ Source: Anchore Title: The NVD Enrichment Crisis: One Year Later—How Anchore is Filling the Vulnerability Data Gap Feedly Summary: About one year ago, Anchore’s own Josh Bressers broke the story that NVD (National Vulnerability Database) was not keeping up with its vulnerability enrichment. This week, we sat down with Josh to see…