The contract expired today, but had an option period through March of 2026. DHS just needed to exercise the option.
Edit: Note the contract ended today April 16 - so performance would stop midnight tonight if the option wasn't exercised. Government contracts routinely go down to the wire like this, and often are late getting exercised. Why the uproar over this one? Did CISA signal to MITRE that they weren't going to exercise the option?
> Did CISA signal to MITRE that they weren't going to exercise the option?
An internal letter sent to CVE board members was making the rounds yesterday warning the current contract ("contracting pathway") would expire. The letter was authenticated by Brian Krebs[0]. Once Krebs authenticated the letter, people more or less assumed CISA was pulling funding, at least based on the infosec social media posts I saw.
CISA officials responded to multiple media inquiries (including the OP) with a statement that more directly said the contract would expire:
Although CISA’s contract with the MITRE Corporation will lapse after April 16, we are urgently working to mitigate impact and to maintain CVE services on which global stakeholders rely.[1]
The contract expired today, but had an option period through March of 2026. DHS just needed to exercise the option.
Edit: Note the contract ended today April 16 - so performance would stop midnight tonight if the option wasn't exercised. Government contracts routinely go down to the wire like this, and often are late getting exercised. Why the uproar over this one? Did CISA signal to MITRE that they weren't going to exercise the option?