The U.S. government extended a contract through which it finances the CVE Program, the cybersecurity industry’s go-to database of software vulnerabilities. T he contract has been extended for 11 months. CVE provides information about cybersecurity vulnerabilities in software products. The database has more than 170,000 entries and counting. By storing vulnerability details in one place, it removes the need for cybersecurity professionals to piece together information about an exploit from multiple sources. Each CVE record contains a technical description of the associated vulnerability and a severity score ranging from 0 to 10. This number is calculated based on factors such as the ease with which hackers can use the flaw to launch cyberattacks. CVE’s severity scores spare cybersecurity professionals some of the work involved in understanding new cyber risks’ impact, which can speed up remediation initiatives. The database is maintained by MITRE, a nonprofit funded by the U.S. government. The organization operates a network of federally financed research and development centers, or FFRDCs. One of those FFRDCs maintains the CVE databases, while the other centers focus on areas such as healthcare and aviation.