Asked whether leaving a renewal decision to the last minute was just a mistake of a new administration focused on other things, Schneier said he suspects it was decided that “this is within the blast radius” of cost cutting. Someone, he said, decided, “’We’re cutting everything, this is part of everything.’ That’s happened a bunch of times. Like [the way] they fired nuclear safety engineers, and then they said, ‘Wait, we might need those,’ so they tried to get them back. My guess is that’s what happened.”
Schneier couldn’t say why the contract was only extended for 11 months. “I don’t think there’s a signal in that at all.”
MITRE’s CVE program is the de facto standard for identifying vulnerabilities and guiding defenders’ vulnerability management programs. It provides foundational data to cybersecurity products across vulnerability management, cyber threat intelligence, security information, event management, and endpoint detection and response.
