Archive
vulnerability management
Report
CVE at a Crossroads: A Blueprint for the Next 25 Years
The Common Vulnerabilities and Exposures (CVE) Program is a critical public good, yet it is at a crossroads. Established by MITRE with support from the U.S. government, the index of software vulnerability identifiers has been a core element of software security since 1999. But recent funding issues have laid bare fundamental challenges, and without action, the vulnerability identification landscape will fragment. This report provides recommendations for global policymakers on how to reimagine the CVE Program for the next 25 years.
Common Vulnerabilities and Exposures, CVE, Global Vulnerability Catalog, National Vulnerability Management Program, software, vulnerability identification, vulnerability management
October 8, 2025
Event
August 5, 2025 1:00 pm
What should CVE be when it grows up?
At Security BSides Las Vegas, IST Senior VP Bob Lord moderated a panel on the future of the CVE program. What are the challenges it faces? What governance models should be considered?
CISA, CVE, Hacker Summer Camp, vulnerability management
August 5, 2025
Event
July 18, 2023 3:00 pm
Castles Built on Sand: Digging into the Foundation | Towards Securing the Open-Source Software Ecosystem
On July 18, 2023, Politico’s John Sakellariadis moderated a conversation with the authors of Castles Built on Sand to dig into the foundation of our recommendations to secure the open-source software ecosystem.
Log4j, open source software, software security, vulnerability management
July 18, 2023
Report
Castles Built on Sand: Towards Securing the Open-Source Software Ecosystem
Castles Built on Sand advocates for a fundamental shift in the open-source software ecosystem. Taking the Log4j vulnerability as a case study, the paper seeks to understand the documentation of its development, the transparent response and mitigation efforts at each stage of the disclosure cycle, and its ongoing exploitation.
cybersecurity, Log4j, open source software, vulnerability management
April 17, 2023
Blog
A Most Dangerous Precedent
As digital authoritarian regimes rise across the globe, the internet has increasingly turned towards balkanization, isolating citizens within digital borders.
China, cybersecurity, digital authoritarianism, vulnerability management, zero days
July 19, 2021