Kehlan Rutan

MITRE announced on April 15 that their CVE contract ends on April 16. That timing alone raises some questions. The language in the message feels very deliberate: “We’re committed,” “considerable efforts,” “if a break were to occur” – while they know a break will happen the next day. That’s not just unfortunate timing. It looks like controlled messaging, maybe even a pressure move. CVE isn’t some massive budget item. It’s a lightweight system with probably a small core team and some automation. I’d guess a handful of full-time staff, not dozens. So cutting this - of all things - doesn’t really look like cost-saving. If the goal was to send a message about funding or contract uncertainty, they picked the most visible and disruptive program. And it worked – everyone’s paying attention. It’s worth noting that MITRE owns the CVE and CWE trademarks. Even if someone else takes over, they’ll still be operating within MITRE’s legal boundaries. All in all, this looks less like a necessary budget cut and more like a strategic decision to generate visibility and urgency. Hard to read it any other way.