back to resources
Blog

From Uncertainty to Unity: The Launch of the CVE Foundation Signals a New Chapter for Cybersecurity

Ray Kelly
Senior Product Manager
Posted:
April 16, 2025
read time:
0 mins
words by:
Ray Kelly

The cybersecurity world held its breath when news broke that the CVE Program—one of the industry's most trusted sources for publicly disclosed vulnerabilities—was on the brink of going dark due to expiring funding. For a moment, the future of vulnerability coordination looked uncertain.

As our own Ray Kelly, Sr Product Manager at Run Security, put it best: "The expiration of CVE funding could have been a serious blow to the cybersecurity community—but it’s turned into something really positive."

Rather than letting the program's fate be left up to debate, the launch of the CVE Foundation, has been announced — restoring confidence and reinstalling hope across the cybersecurity community. While the CVE Foundation plans to release further information about its transition planning in the coming days, the next steps remain unclear, especially considering CISA has confirmed that funding for MITRE's contract has been extended.

"I'm encouraged to see the launch of the CVE Foundation," Ray shared. "CVE has been such a vital part of our work, and knowing it now has a path forward—built by the community, for the community—is a huge step in the right direction."

The new CVE Foundation will operate as an independent, nonprofit entity, committed to ensuring that vulnerability identification remains vendor-neutral, transparent, and responsive to the evolving needs of the global cybersecurity ecosystem. This shift transforms what could have been a crisis into a catalyst—reinforcing the importance of collaboration and shared responsibility in the fight against cyber threats.

Between the contract extension and the launch of the nonprofit foundation, what could have been a crisis has instead become a catalyst—reinforcing the critical role of public-private partnerships and community-driven governance in securing our digital future. For those of us who depend on timely, coordinated vulnerability disclosure, this isn’t just good news—it’s a testament to what our community can accomplish when we rally behind the tools and standards that keep us secure.

Read more about the foundation here: thecvefoundation.org
And check out Forbes’ full coverage: Forbes Article  

Related Articles

view all articles
Blog
April 10, 2025
Falling into the AppSec Black Hole
Sydney Gangi
Director, Product Marketing
Blog
April 1, 2025
Runtime vs. Static Security: Which One Wins for Real-Time Threat Detection
Javier Rivera
Lead Threat Researcher
Blog
March 31, 2025
Stop Jumping Over Hurdles & Start Preventing Vulnerabilities
Abbey Bennett
Director, Product Management
we're online

We’re ready for you! Schedule a demo

Click the button below to get started.
Request A Demo
Runtime Security should be exactly how it sounds - always active and everywhere within your organization.
request a demo
About
Our CompanyMissionVisionValuesExecutives
Our Product
OverviewShift Left + Shift RightYour ChallengesOur Solution360 ValueEfficiencyBottom Line
Legal
Privacy PolicyTerms & ConditionsSecurity
© All Rights Reserved
back to top