Security Database Used by Apple Goes Independent After Funding Cut [Updated] - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

Security Database Used by Apple Goes Independent After Funding Cut [Updated]

Update: Following the CVE Foundation's announcement (below), CISA has said the U.S. government is extending funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program (via Bleeping Computer). Original story follows.


Apple, along with other tech companies, relies on the Common Vulnerabilities and Exposures (CVE) program to identify and track security flaws in its software. This critical cybersecurity resource now faces an uncertain future, after federal funding was today abruptly cut off.

bug security vulnerability issue fix larry
In response to the crisis, a coalition of longtime CVE Board members announced today the formation of the CVE Foundation, a non-profit organization dedicated to ensuring the continued operation of the vulnerability identification system.

"CVE, as a cornerstone of the global cybersecurity ecosystem, is too important to be vulnerable itself," said Kent Landfield, an officer of the newly formed Foundation. "Cybersecurity professionals around the globe rely on CVE identifiers and data as part of their daily work—from security tools and advisories to threat intelligence and response. Without CVE, defenders are at a massive disadvantage against global cyber threats."

The CVE program provides a standardized system for identifying and cataloging security vulnerabilities across all software and hardware, including Apple's macOS, iOS, iPadOS, and other products. When security researchers discover flaws, they're assigned unique CVE identifiers that allow companies like Apple to coordinate patches and updates.

MITRE Corporation, which has managed the program under contract with the U.S. Department of Homeland Security, confirmed that government funding expired on April 16. Reuters reports that the expiry may be linked to the federal government undergoing a radical downsizing driven in part by the Department of Government Efficiency (DOGE). The U.S. Cybersecurity and Infrastructure Security Agency (CISA), which is exposed to the downsizing, stated it is "urgently working to mitigate impact," as the sudden funding gap threatened to disrupt vulnerability management worldwide.

Security experts warned that without CVE, cybersecurity efforts would face "total chaos" as the common language used to communicate about vulnerabilities would effectively disappear. One researcher compared it to "suddenly deleting all dictionaries."

The newly established CVE Foundation aims to transition the program to a dedicated non-profit model that isn't dependent on a single government sponsor. The Foundation's organizers revealed they had been preparing for this possibility for the past year.

"For the international cybersecurity community, this move represents an opportunity to establish governance that reflects the global nature of today's threat landscape," the Foundation stated in its announcement.

The funding cut also affects the related Common Weakness Enumeration (CWE) program, which helps companies like Apple identify potential security issues before they become vulnerabilities.

The CVE Foundation is expected to release more details about its structure and funding plans in the coming days. Apple and other major tech companies will likely play a significant role in supporting it as a critical part of cybersecurity infrastructure.

Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Popular Stories

iCloud iPhone 17 Pro

iPhone Users Who Pay for iCloud Storage Get Two New Perks on iOS 27

Thursday July 2, 2026 6:10 am PDT by
If you pay for certain iCloud+ storage plans beyond the 5GB that Apple offers for free, you will receive two more perks on iOS 27 at no additional cost. A summary of the two new iCloud+ perks on iOS 27:Increased daily usage limits for some new Apple Intelligence features, including image generation in the revamped Image Playground app. HomeKit Secure Video cameras receive generated video...
Apple Event Logo

Apple Just Released a New Product

Thursday July 2, 2026 8:04 am PDT by
Apple's first product release of summer 2026 occurred this week, but do not get too excited, as it is merely the Beats Solo Buds in a new color. Beats Solo Buds are now offered in orange through Best Buy in the U.S., with availability set to expand to 7-Eleven stores in Japan on July 4. Apple already offered orange Solo Buds in India for free with the purchase of an iPhone 15 or iPhone 15 ...
iPhone 4 on Black Feature

Apple Facing One of Its Worst Leaks Since the iPhone 4

Thursday July 2, 2026 9:53 am PDT by
Apple supplier Tata Electronics recently suffered a cyberattack that resulted in thousands of confidential files being published on the dark web, and this reportedly included some photos and documents related to the upcoming iPhone 18 Pro. We have elected not to share any of the leaked photos in this story due to the illegal nature in which they were obtained, but they can easily be found...

Top Rated Comments

arkitect Avatar
16 months ago

MITRE Corporation, which has managed the program under contract with the U.S. Department of Homeland Security, confirmed that government funding expired on April 16. Reuters reports ('https://www.reuters.com/technology/us-funding-running-out-critical-cyber-vulnerability-database-manager-says-2025-04-15/') that the expiry may be linked to the federal government undergoing a radical downsizing driven in part by the Department of Government Efficiency (DOGE). The U.S. Cybersecurity and Infrastructure Security Agency (CISA), which is exposed to the downsizing, stated it is "urgently working to mitigate impact," as the sudden funding gap threatened to disrupt vulnerability management worldwide.
Just insanity from this administration…

Who in their right minds would defund this?

Almost as if they don't think of long term knock on effects.
Score: 46 Votes (Like | Disagree)
16 months ago
Now you can thank Trump for your viruses and malware, too. The winning never stops!
Score: 41 Votes (Like | Disagree)
tubular Avatar
16 months ago

There is so much waste, fraud, and corruption in the US government that cutting it quickly takes broad strokes.
What’s getting cut in broad strokes is Elmo’s claims about how much waste he’s found.

And if you want to talk about corruption, have you looked at the Felon In Chief lately? He’s using his powers as POTUS like a two-bit shakedown artist.
Score: 35 Votes (Like | Disagree)
16 months ago
Is there nothing of value that these idiots won't try to ruin?
Score: 34 Votes (Like | Disagree)
thejadedmonkey Avatar
16 months ago
That's like de-funding the national weather service, but for computers.
Score: 32 Votes (Like | Disagree)
tubular Avatar
16 months ago
Trump likes Russian hackers. Saves him the trouble of posting war plans on Signal.
Score: 27 Votes (Like | Disagree)