CISA’s Reversal Extends Support for CVE Database
The nonprofit organization MITRE, which maintains the Common Vulnerabilities and Exposures (CVE) database, said on April 15 that the US government funding for its operations will expire without renewal; however, in a last-minute reversal announced the morning of April 16, CISA said it has extended support for the database. At the same time, CVE Board members have founded the CVE Foundation, a nonprofit not affiliated with the US federal government, to maintain the CVE program.

The CVE program, which has been in place since 1999, is an essential way to report and track vulnerabilities. Many other cybersecurity resources, such as Microsoft’s Patch Tuesday update and report, refer to CVE numbers to identify flaws and fixes. Organizations called CVE Numbering Authorities are associated with MITRE and authorized to assign CVE numbers.

“CVE underpins a huge chunk of vulnerability management, incident response, and critical infrastructure protection efforts,” wrote Casey Ellis, founder of crowdsourced cybersecurity hub Bugcrowd, in an email to TechRepublic. “A sudden interruption in services has the very real potential to bubble up …
