The US federal government is rethinking how to support its globally adopted vulnerability tracking ecosystem after years of backlogs, funding scares, and growing doubts about whether the existing model can scale as vulnerability disclosures continue to accelerate. At the center of that ecosystem, there are two distinct but interdependent components. The Common Vulnerabilities and Exposures program, operated by Mitre, assigns standardized identifiers to software flaws. The National Vulnerabili
govtech (2)
2025 marked yet another busy year in security, between big attacks, government shakeups, and dangerous flaws that echo of the past. The moments that defined this year were impactful but felt evenly spread across the year. Early in 2025, we observed the China-nexus advanced persistent threat (APT) Salt Typhoon continuing its assault against telecom companies as part of its espionage operations. In the summer and into the fall, we saw the Cybersecurity and Infrastructure Security Agency (CISA)
