Vulnerabilities like the CVE-2024-3393 and others are shared and fixed thanks to the Common Vulnerabilities and Exposures (CVE) initiative. CVE isn’t shutting down due to government funding issues – a CVE Foundation has been established instead.
Preface
Recently, the Internet has been flooded with a lot of information pertaining to the Common Vulnerabilities and Exposures (CVE) database shutting down due to government funding. According to a nonprofit R&D organization MITRE, its contract with the Department of Homeland Security (DHS) to maintain the CVE database came to an end on April 16, 2025. An announcement by the Cybersecurity & Infrastructure Security Agency on X has read:
According to Yosry Barsoum from CVE, “On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE) program and related programs, such as the Common Weakness Enumeration (CWE) program, will expire.”
Many have seen the end of the CVE program sharing things like CVE-2024-3393 as “tragic”, however, these days may not mark the end of CVE-2024-3393 after all.
The Birth of the CVE Foundation
At the same time, on April 16, 2025, the CVE Foundation was launched with an aim of securing the future of the CVE program.
According to CVE themselves, April 16 has marked the start of the CVE foundation to “ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a critical pillar of the global cybersecurity infrastructure for 25 years.”
In other words, CVE is now operating as a Foundation independent of government funding – the CVE Foundation has promised to release more information about its structure and plans over the coming days: it may not be the end of fixes to vulnerabilities like the CVE-2024-3393 after all.
What Can We Do to Protect Ourselves From Vulnerabilities Like the CVE-2024-3393?
Many have feared that the CVE program and fixes to vulnerabilities like CVE-2024-3393 is no longer – however, the inception of the CVE Foundation has proved otherwise. Since we are only in the forming days of the foundation, we’re going to see how it develops over the next months and years, but one thing that we can do to protect ourselves now is to make use of data breach search engines or their API solutions.
No matter if we’re developers or not, data breach search engines like BreachDirectory.com are immensely useful if we want to find out whether our online accounts are at risk of identity theft: the data breach search engine by BreachDirectory will not only tell us whether our account details are stolen but also advise us on what to do if they are acting as an indispensable tool in our arsenal.
Additionally, the BreachDirectory API will be of immense value to developers: it will let developers access data in BreachDirectory via a programmatic interface. Don’t want to search for yourself or use the API? Register for data breach notifications and be the first one to know once your most sensitive data is exposed.
Summary
With government funding towards CVE now shutting down, many have feared that the end of the Common Vulnerabilities and Exposures (CVE) database and fixes to vulnerabilities like CVE-2024-3393 is imminent. However, the establishment of the CVE Foundation is likely to prove otherwise. Time will tell whether the CVE Foundation will be a formidable threat to nefarious parties on the web, but regardless, the formation of a foundation spells great news for everyone involved.
While you’re getting excited for the foundation, don’t forget to follow BreachDirectory on X (Twitter), LinkedIn and Facebook, and until next time.