A crucial system behind Android security updates just lost its funding (Update: Funding restored)

Robert Triggs / Android Authority TL;DR The US government has stopped funding the Common Vulnerabilities and Exposures (CVE) database, a standardized global system for identifying and tracking software vulnerabilities across platforms and devices, including Android. Without CVEs, Google’s monthly Android security bulletins may face delays, confusion, or reduced transparency. It’s unclear who, if anyone, will step in to maintain or replace the CVE system. Update, April 16, 2025 (11:01 AM ET): For a moment there it looked like malware authors were about to have a field day, but it now seems that the CVE program has found a last-minute reprieve — on multiple fronts, as well. In response to word of this funding termination, CVE Board members have announced the formal establishment of the new CVE Foundation. Apparently the risk to government support had been anticipated, and members of the CVE Board have been working to set up a new non-profit organization to continue the group’s missi ... Read full article.