Pillar Of America's Cyber Security Lost Funding Temporarily: What Investors Should Know About CVE Program, Funding Extension

Author: Chris Katje | April 17, 2025 10:15am

The cybersecurity sector may be breathing a sigh of relief after a deal was reached to continue funding for the Common Vulnerabilities and Exposures database, commonly known as the CVE program.

What Happened: The 25-year-old CVE program is used to identify cybersecurity vulnerabilities and has been considered a vital part of the cybersecurity sector.

News spread this week that funding for the CVE program expired on April 16 and a contract with the U.S. Department of Homeland Security had not been renewed. However, in a last-minute turnaround, the program was reinstated, according to a Forbes report.

"The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services," a CISA (Cybersecurity and Infrastructure Security Agency) spokesperson told Forbes.

The report said the CISA's extension of funding will last 11 months.

A new body, which includes a subset of the CVE Board, will break off and maintain the CVE Program, according to the report.

"The CVE Foundation has been formally established to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures Program, a critical pillar of the global cybersecurity infrastructure for 25 years," the new CVE governing body said.

Read Also: Cybersecurity Report Flags 7 Major Threats Against Governments, Corporations: Stocks And ETFs To Watch

Why It's Important: Experts warned that the end of the CVE Program could lead to increased vulnerabilities in the cybersecurity sector.

"Without CVE, defenders are at a massive disadvantage against global cyber threats," CVE Board Member Kent Landfield said. "CVE, as a cornerstone of the global cybersecurity ecosystem, is too important to be vulnerable itself."

If the CVE had not been able to continue its funding, the list of logged vulnerabilities would have ended, and organizations could have been more vulnerable to attacks.

The funding extension eases worries temporarily but leaves questions about the future of the CVE, which comes as cybersecurity attacks have increased and remain a key concern for large companies.

Investors seeking exposure to the cybersecurity sector have several options, including individual stocks and ETFs. These are the largest ETFs covering the sector:

• First Trust Nasdaq Cybersecurity ETF (NASDAQ:CIBR)
• Amplify Cybersecurity ETF (NYSE:HACK)
• Global X Cybersecurity ETF (NASDAQ:BUG)
• iShares Cybersecurity And Tech ETF (NYSE:IHAK)

In the ETFs, some of the top holdings include CrowdStrike Holdings (NASDAQ:CRWD), Broadcom Inc (NASDAQ:AVGO), Cisco Systems (NASDAQ:CSCO), Check Point Software (NASDAQ:CHKP) and Okta Inc (NASDAQ:OKTA).

Read Next:

• Whistleblower Says DOGE May Have Caused Major Cybersecurity Breach At US Labor Agency

Photo: Shutterstock

Posted In: AVGO BUG CHKP CIBR CRWD CSCO HACK IHAK OKTA