Members Send Letters Requesting Information on Cyber Program to Ensure it is Meeting its Mission in a Timely and Effective Manner
WASHINGTON, DC – Today, Energy and Commerce Committee Chairman Greg Walden (R-OR), Oversight and Investigations Subcommittee Chairman Tim Murphy (R-PA), Digital Commerce and Consumer Protection Subcommittee Chairman Bob Latta (R-OH) and Communications and Technology Subcommittee Chairman Marsha Blackburn (R-TN), sent two letters to the Department of Homeland Security (DHS) and MITRE Corporation. In both letters, committee leaders ask for an evaluation of the Common Vulnerabilities and Exposures (CVE) program—a program that tracks and monitors cyber vulnerabilities and risks relevant to modern security.
In light of recent reports indicating that the CVE program may not be keeping up with present day vulnerabilities and risks, members are requesting documents from both MITRE and DHS in order to better understand the program’s shortcomings and what steps need to be taken to rectify these deficiencies.
“In spring 2016, press reports revealed complaints that requests for CVE numbers for vulnerabilities reported to MITRE either were taking several weeks or months to process, or were going unanswered. In addition, some individuals and organizations seeking CVE numbers were told that their vulnerabilities were ‘out of scope’ for CVE, and had their vulnerabilities rejected from the program. Over the past year, MITRE has made several updates to the CVE program. While these changes have improved the functioning of the system, and MITRE’s engagement with its stakeholder community has greatly increased, both the larger community and MITRE agree that significant work is necessary to ensure timely coverage of affected products and services,” write Walden, Murphy, Latta and Blackburn.
The leaders continue, “The explosion of connected devices and services that has been associated with the CVE program’s shortcomings, while rapid, did not occur overnight. In light of this, we seek to understand how MITRE and the CVE program failed to anticipate and prepare for this growth in demand for its services and what more may be done to ensure this program can more effectively serve its essential mission.”
To read a copy of the letter to DHS, click here.
To read a copy of the letter to MITRE, click here.