In a statement released today, the Cybersecurity Tech Accord recognizes the importance of the Common Vulnerabilities and Exposures (CVE) Program and registers our strong support for it, as a key program for identifying, cataloging, and distributing details about security vulnerabilities worldwide.
A strong, transparent CVE Program is vital for minimizing exposure to threats and supporting responsible vulnerability disclosure at an international level, facilitating rapid, coordinated risk management across both public and private sectors. To ensure that the CVE Program can be enhanced and its future can be safeguarded, we call for a more broad-based resourcing model based upon shared responsibility with active participation from governments around the world.
The Tech Accord urges governments to see the CVE Program as critical digital infrastructure and join its stewardship. Moving forward requires more than passive approval, it calls for proactive investment, policy alignment with global best practices, and ongoing collaboration with industry and civil society. Only through shared commitment can we secure the CVE Program’s resilience and effectiveness, strengthening the foundations of global cybersecurity and limiting the risks arising from vulnerabilities in our increasingly connected world.
The full statement can be found below.