European Cybersecurity Must Take Action

Yesterday, MITRE released an urgent communication to the global cybersecurity community: the funding pathway for the CVE (Common Vulnerabilities and Exposures) program is set to expire today, April 16, 2025.

Without immediate intervention, the world’s most critical reference for vulnerability management could face a service disruption, with potentially devastating consequences for all digital ecosystems.

Why does this matter?

CVE is the backbone of vulnerability identification and coordination. Every security tool, advisory, and incident response process relies on it. As MITRE warns in their letter, a break in service would mean:

  • Deterioration of national vulnerability databases and advisories
  • Disruption for tool vendors and incident response teams
  • Increased risks for critical infrastructure across the globe

“If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure.”
— MITRE, April 15, 2025

What can we do in Europe?


As a CISO and member of the Italian and European cybersecurity community, I believe this is a wake-up call.

We cannot afford to be passive spectators. The time has come for Europe to step forward and ensure the continuity of this essential service.

Our proposal:

  • Immediate engagement with ENISA (the European Union Agency for Cybersecurity) to coordinate a European response and ensure continuity of the CVE program, even temporarily.
  • Direct contact with MITRE to offer European support and collaboration.
  • Mobilization of the CISO community and all relevant associations to advocate for a unified, proactive approach.

I am coordinating an open letter to ENISA on behalf of the Italian CISO community, calling for urgent action and offering our collective expertise and support. If you want to be part of it let me know!

How you can help:

  • Share this news to raise awareness.
  • If you are a CISO, represent an association or organization, join our initiative.
  • Let’s make our voice heard: Europe must not be left vulnerable.

You can read more here and the MITRE communication here.

This is a crucial moment for our digital future.

If you want to join or support the open letter, comment below or contact me directly. Together, we can make a difference.