
MITRE, the cornerstone of global vulnerability tracking, announcing it could go dark. For years, the field had relied on this single repository, the bedrock for tracking software vulnerabilities. What happens when that rug is pulled from beneath an entire industry? Tal Zarfati, Architect Lead at JFrog Security, still recalls the tremor this news sent across the community. “It caught a lot of people by surprise,” he explained in a recent conversation. “No one thinks about CVEs until you log in one day and they’re gone.” Letter which was sent to CVE Board Members.A well oiled machine which is held together by funding is the industry’s reliance on MITRE’s CVE database.“There’s an ecosystem that has evolved ...