1. United States
2. Wash.
3. Letter

I am writing to express deep concern regarding the imminent expiration of federal funding for the Common Vulnerabilities and Exposures (CVE) program, scheduled for April 16, 2025. As your constituent, I urge you to take immediate legislative or administrative action to ensure continued support for this critical national cybersecurity infrastructure. For over two decades, the CVE program, managed by MITRE, has served as a backbone for global cybersecurity. It provides standardized identifiers for publicly disclosed vulnerabilities, enabling efficient threat communication, assessment, and mitigation. The program is indispensable to the functioning of both private and public sector digital defense systems. Technology leaders such as Microsoft, Google, Apple, Intel, and AMD depend on the CVE system to prioritize security updates and responses. Even more concerning is the growing risk to critical infrastructure such as power grids, hospitals, and emergency response systems, which rely on real-time vulnerability intelligence to prevent potentially catastrophic cyberattacks. According to recent reporting from Forbes, The Verge, and WBOY News, the expiration of CVE funding could severely hinder the global coordination required to manage software and hardware vulnerabilities. Experts warn this could result in a breakdown of security response mechanisms, drastically increasing risk to businesses, communities, and national security. Moreover, related programs such as the Common Weakness Enumeration (CWE) are also at risk, compounding the threat landscape. MITRE has indicated it is committed to continuing the program but needs support to do so. I respectfully urge you to: • Advocate for renewal or expansion of CVE funding in upcoming budget discussions • Support policy mechanisms that ensure long-term stability for foundational cybersecurity initiatives • Engage with MITRE and relevant federal agencies to understand the implications of any disruption Our nation’s cybersecurity depends on proactive, well-supported systems like CVE. I hope you will act swiftly and decisively to protect this essential program and ensure the safety and resilience of our digital infrastructure. Thank you for your time and leadership. Sincerely,