Strengthening global collaboration and vulnerability management
CVE Program Celebrates 25 Years of Impact in Cybersecurity
McLean, Va., & Bedford, Mass., October 22, 2024 — Today, the Common Vulnerabilities and Exposures (CVE®) Program proudly commemorates its 25th anniversary, marking a quarter century of enabling coordinated vulnerability management through global collaboration and innovation. Launched in 1999, the CVE Program has transformed the way organizations identify and manage cybersecurity vulnerabilities, enabling stronger defenses against cyber threats. The CVE 25th Anniversary Report is available now on cve.org.
MITRE presented the original vision for the CVE List in a groundbreaking white paper during the 2nd Workshop on Research with Security Vulnerability Databases. Since then, the CVE Program has evolved into a vital resource for cybersecurity professionals and serves as the backbone for the global vulnerability management ecosystem. The program has seen widespread adoption, with over 400 CVE Numbering Authorities (CNAs) from 40 countries now producing CVE Records that are incorporated into countless products and security advisories. From the initial 321 CVE Records in 1999, to over 240,000 in October 2024, CVE serves as a cornerstone for effective vulnerability management worldwide across national vulnerability databases, cybersecurity tool vendors, incident response operations, researchers, and policymakers.
“As we reflect on this historic milestone, we recognize the collective efforts of hundreds of organizations and thousands of individuals across our diverse partner community that contributed to making the CVE Program a success,” said Kent Landfield and Lisa Olson, speaking on behalf of the CVE Board.
"CISA is proud to sponsor the CVE Program. We are committed to working with the CVE Program’s community of international stakeholders to reduce cybersecurity risk by addressing the prevalence and impact of vulnerabilities across enterprises and technologies,” said Sandra Radesky, CISA associate director of vulnerability management.
“The success of the CVE Program is a testament to the power of federation; its collaborative approach brings together experts in industry, government, and academia across the globe to create a common and scalable vulnerability identification standard that provides a foundation for vulnerability management worldwide,” said Yosry Barsoum, vice president of the Center for Securing the Homeland at MITRE.
Looking ahead, the CVE Program is committed to expanding its reach and impact. Its priorities include continuing to increase program adoption and coverage through growing the CNA community in less-represented industry sectors, strengthening the connection between the program and its downstream consumers, and further increasing the value and quality of CVE Records through data enrichment.
As we reflect on 25 years of achievements, we encourage all cybersecurity professionals, researchers, and partners to engage with the CVE Program and contribute to its ongoing development. Together, we can continue to strengthen the global cybersecurity landscape and address the evolving challenges of our digital world.
For more information about the CVE Program and how you can get involved, visit https://www.cve.org.
About CVE
The CVE Program’s mission is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. It is used by organizations worldwide to enhance their cybersecurity practices and improve their vulnerability management processes.
CVE is sponsored by the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency and managed by the Homeland Security Systems Engineering and Development Institute, which is operated by MITRE.
About MITRE
MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. Learn more at mitre.org.
Media Contact: Sarah Lytle, media@mitre.org