
The MITRE Thing was a wake-up call
April 15–16, 2025 was kind of a rough couple of days for the infosec community, because MITRE almost lost funding for much of the CVE and CWE programs[1]. The CVE (Common Vulnerability Enumeration) program run by MITRE underlies the National Vulnerability Database (NVD) that is core to a