The CVE Foundation Launches to Sustain the CVE Program After USG Funding Cuts

The non-profit CVE Foundation has been established to continue the Common Vulnerabilities and Exposures (CVE) program after the U.S. government cut its funding. This initiative ensures the ongoing identification, cataloging, and public disclosure of cybersecurity vulnerabilities, which is critical for maintaining global cybersecurity defenses.

You Should Know:

The CVE program is essential for cybersecurity professionals, enabling standardized vulnerability tracking. Below are key commands, tools, and steps to interact with CVE data effectively.

1. Searching for CVEs

Use cve-search, an open-source tool to query CVE databases locally:

git clone https://github.com/cve-search/cve-search.git 
cd cve-search 
pip3 install -r requirements.txt 
./sbin/db_mgmt.py -p  # Populate the CVE database
./bin/search.py -c CVE-2024-1234  # Search for a specific CVE

2. Fetching CVE Data via API

The NVD (National Vulnerability Database) API allows automated CVE lookups:

curl -s "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-1234" | jq 
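
To act on the response from the NVD lookup above, the following added example (not part of the original post) parses an NVD API 2.0 response body and orders the CVEs by CVSS base score for patch prioritization. The sample response, its CVE IDs and scores, and the function names `best_metric` and `triage` are constructed for illustration.

```python
import json

# Constructed sample shaped like an NVD API 2.0 response; IDs and scores are made up.
SAMPLE_RESPONSE = json.dumps({
    "vulnerabilities": [
        {"cve": {"id": "CVE-0000-0001", "metrics": {
            "cvssMetricV31": [
                {"type": "Secondary", "cvssData": {"baseScore": 7.5, "baseSeverity": "HIGH"}},
                {"type": "Primary", "cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
        {"cve": {"id": "CVE-0000-0002", "metrics": {
            "cvssMetricV2": [
                {"type": "Primary", "baseSeverity": "MEDIUM", "cvssData": {"baseScore": 5.0}}]}}},
        {"cve": {"id": "CVE-0000-0003", "metrics": {}}},  # record with no CVSS score yet
    ]
})

# Newest CVSS version first; older records may carry only v2.
METRIC_KEYS = ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2")


def best_metric(metrics):
    """Return (score, severity) from the newest CVSS version present, or (None, 'UNSCORED')."""
    for key in METRIC_KEYS:
        entries = metrics.get(key) or []
        if not entries:
            continue
        # Prefer the entry marked "Primary" over "Secondary" ones; else take the first.
        entry = next((e for e in entries if e.get("type") == "Primary"), entries[0])
        data = entry.get("cvssData", {})
        # v2 stores baseSeverity on the metric entry, v3.x inside cvssData.
        severity = data.get("baseSeverity") or entry.get("baseSeverity") or "UNKNOWN"
        return data.get("baseScore"), severity
    return None, "UNSCORED"


def triage(response_text):
    """Parse a response body and return [(cve_id, score, severity)], highest score first."""
    rows = []
    for item in json.loads(response_text).get("vulnerabilities", []):
        cve = item.get("cve", {})
        score, severity = best_metric(cve.get("metrics", {}))
        rows.append((cve.get("id"), score, severity))
    # Unscored CVEs sort last so they are reviewed by hand rather than dropped.
    return sorted(rows, key=lambda r: (r[1] is None, -(r[1] or 0.0)))


if __name__ == "__main__":
    for cve_id, score, severity in triage(SAMPLE_RESPONSE):
        print(f"{cve_id}\t{score}\t{severity}")
```

To use it on live data, pass the body returned by the `curl` command above to `triage()` instead of `SAMPLE_RESPONSE`.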

3. Vulnerability Scanning with OpenVAS

Install and run OpenVAS to detect vulnerabilities:

sudo apt update && sudo apt install openvas 
sudo gvm-setup 
sudo gvm-start 

Access the dashboard at `https://127.0.0.1:9392` and scan targets for CVEs.

4. Mitigating CVEs with Patch Management (Linux)

Check for security updates:

sudo apt update && sudo apt list --upgradable 
sudo apt install --only-upgrade <package>  # Patch a specific vulnerable package

5. Windows CVE Patching

Use PowerShell to list installed hotfixes; a required KB that is absent from the output is a missing patch:

Get-HotFix | Select-Object HotFixID, InstalledOn 

Download patches from the Microsoft Update Catalog:

Invoke-WebRequest -Uri "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034442" 

What Undercode Says

The CVE program is a cornerstone of cybersecurity, and its transition to the CVE Foundation ensures continuity. Security teams must:
– Regularly query CVE databases (cve-search, NVD API).
– Automate vulnerability scans (OpenVAS, Nessus).
– Prioritize patching (apt, yum, Windows Update).
– Monitor CVE Foundation updates for procedural changes.

Expected Output:

  • A structured vulnerability management workflow.
  • Automated CVE tracking scripts.
  • Compliance with patching policies.

Reported By: Brysonbort Non – Hackers Feeds