The reason you don't have to worry about Android security almost went dark
When you buy through links on our articles, Future and its syndication partners may earn a commission.
Most users of technology don't have to consciously think about security vulnerabilities on their most-used devices, including Android-based products, very often. As long as you update your phone as soon as new security patches are available, you're usually covered. However, there's an intricate government-supported program operating to make that all possible, and it almost went dark today.
After roughly 24 hours of uncertainty, the U.S. Cybersecurity and Infrastructure Agency (CISA) announced that it would continue funding the Common Vulnerabilities and Exposures (CVE) on the day its previous contract was set to expire. Today, April 16, a spokesperson for the CISA told The Verge that the agency "executed the option period on the contract to ensure there will be no lapse in critical CVE services."
But it went down to the wire in a move that could've sent the entire globe into a tech security nightmare.
It all has to do with the CVE program, which identifies and tracks security issues in public view, from the point a potential problem is identified to the time when a proper fix is issued. It has nearly 500 partners that include security researchers, open-source developers, and major companies — including big ones like Google, Microsoft, and Apple.
If the CVE program sounds familiar, that's probably because you've seen a CVE code mentioned in an article (like one of the many CVE-related ones on Android Central) or the release notes of an update. They're also a major part of monthly releases on the Android Security Bulletin. These codes, like CVE-2024-53104, start with CVE followed by the year and a number, and create a universal database to track security flaws across devices, platforms, and companies.
The CVE program has been active for 25 years, beginning in 1999. It has become invaluable to the security community, serving as a universal way for researchers, developers, companies, and the public to work together to discover and patch crucial vulnerabilities. More importantly, it publicly states whether a vulnerability is believed to have been actively exploited by bad actors.
Leading security researchers have pointed out the consequences of the CVE program shutting down, like Lukasz Olejnik on X (formerly Twitter).
"The consequence will be a breakdown in coordination between vendors, analysts, and defense systems — no one will be certain they are referring to the same vulnerability," wrote Olejnik, a scholar with advanced degrees in computer science and information technology law with specializations in privacy. "Total chaos, and a sudden weakening of cybersecurity across the board."
Luckily, it appears that the crisis has been avoided, as the federal government will continue to fund the CVE program for at least the near future. However, the decision coming down to the wire as the Trump administration slashes federal funding across the board puts the CVE program in a more uncertain position now than at any point in its 25-year history.
"The CVE Program is invaluable to the cyber community and a priority of CISA," the spokesperson said in a statement to The Verge. "We appreciate our partners' and stakeholders' patience."
But that final green light didn't come quick enough, as the security world already started making plans to keep the CVE program up and running — even without federal funding. CVE board members created the CVE Foundation, a nonprofit planned for in secret for the past year that would ensure the CVE mission continues.
"CVE, as a cornerstone of the global cybersecurity ecosystem, is too important to be vulnerable itself," said Kent Landfield, an officer of the CVE Foundation, in a press release. "Cybersecurity professionals around the globe rely on CVE identifiers and data as part of their daily work, from security tools and advisories to threat intelligence and response. Without CVE, defenders are at a massive disadvantage against global cyber threats."
The foundation explains that it is concerned that having a single government sponsor could create "a single point of failure in the vulnerability management ecosystem."
The CVE program is a critical part of Android security, and it should be relevant to every single person who touches an Android-based device. Although government funding has been acquired for now, the moves that have been set in motion by the last-minute decision may not be reversed. The CVE Foundation is here, and it might be here to stay.
There's no word on whether the CVE Foundation will continue to operate now that the CVE program has retained U.S. government funding, but the foundation said more information will be released "over the coming days." The immediate U.S. government funding doesn't solve the long-term problem the CVE Foundation has identified — the possibility of having a single point of failure — so there still may be a reason for it to exist.
Regardless of how this all plays out, the decision to fund the CVE program should've never come this close to ending a crucial global security program. Most of us have the luxury to not think about device security that often, and it's programs like the CVE that allow us that privilege.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
32 minutes ago
- Yahoo
Oracle shares soar as AI cloud demand propels revenue forecast
(Reuters) -Oracle shares surged nearly 8% in premarket trading on Thursday after the company raised its annual revenue forecast, driven by strong demand for its AI-related cloud services. The stock has risen nearly 6% so far this year as confidence in the software sector remained strong despite geopolitical tensions, even as analysts warn that U.S. President Donald Trump's tariffs could undermine Big Tech's AI investments. Earlier this year, Oracle, whose cloud offerings help companies build their AI infrastructure, announced a joint venture called Stargate to deliver large-scale computing capabilities to OpenAI. "Oracle's once-stodgy image levels up to 'cloud-native mage,' and the competitive map now looks less like a classic three-player real time strategy and more like a battle-royale with everyone dropping in, looking for compute loot", said Michael Ashley Schulman, partner at Running Point Capital Advisors. Oracle expects total revenue to be at least $67 billion for fiscal 2026, CEO Safra Catz said on a post-earnings call. The Texas-based company's cloud services quarterly revenue rose 14% to $11.70 billion. Its overall revenue of $15.90 billion beat estimates of $15.59 least nine brokerages have raised their price target post-earnings. Oracle trades at a forward price-to-earnings ratio of 25.86, compared to rivals Microsoft at 31.34 and Amazon at 31.80, according to data compiled by LSEG. Microsoft's stock has gained 12.16%, while Amazon's has decreased by 2.8% so far this year. "ORCL has entered an entirely new wave of enterprise popularity that it has not seen since the Internet era in the late 90s," analysts at Piper Sandler added.
Newsweek
43 minutes ago
- Newsweek
China Closer To Solving Hyperloop Train's Biggest Flaw
Based on facts, either observed and verified firsthand by the reporter, or reported and verified from knowledgeable sources. Newsweek AI is in beta. Translations may contain inaccuracies—please refer to the original content. Chinese researchers have announced breakthroughs that may resolve the most persistent engineering flaw in vacuum-tube maglev systems, an issue that has stumped Elon Musk and other developers. Scientists in Shanxi province, working at the country's first full-scale maglev vacuum test facility, say they've developed a suspension system that dramatically reduces the intense vibrations that plagued earlier Hyperloop prototypes. Why It Matters Hyperloop technology has the potential to get passengers from point A to point B at record speeds. It uses magnetic levitation through vacuums, which means there is no air resistance on the front of the vehicle, allowing transport tubes to move at speeds of up to 200 miles per hour. The technology has been tested across the world, including India and Italy. What To Know However, current versions of the technology often produce intense vibrations that would make travel very difficult for passengers inside the tubes. These turbulent oscillations, especially at speeds exceeding 373 mph, previously rendered the passenger experience physically intolerable, even "unbearable," according to some engineers. However, Chinese researchers have now developed an AI-guided suspension system that counters the worst of these vibrations. Scientists at the China Aerospace Science and Industry Corporation said that their suspension system reduced vertical vibrations by 45.6 percent and achieved comfort scores below the Sperling Index threshold of 2.5, a scale for assessing ride comfort and quality in rail vehicles. People look at a demostration test sled after the first test of the propulsion system at the Hyperloop One Test and Safety site on May 11, 2016 in North Las Vegas, Nevada People look at a demostration test sled after the first test of the propulsion system at the Hyperloop One Test and Safety site on May 11, 2016 in North Las Vegas, Nevada Getty Images The engineers combined two different approaches to neutralize disruptive motion in near-vacuum conditions. The first simulates an invisible, stabilizing tether that is "hooked to the sky," adjusting to vehicle motion dynamically. The second uses a tuning algorithm to adapt to changing environmental inputs and correct deviations in real-time. This approach is managed by an artificial intelligence module trained through genetic algorithms to control the suspension system. Testing with a scale model vehicle was conducted using a motion simulator based in Shanxi. What People Are Saying A spokesperson for HyperloopTT, the Los Angeles-based company delivering Italy's hyperloop project, told Newsweek: "We're witnessing the transition from hyperloop as a futuristic concept to an imminent reality. "Hyperloop is a system that moves people and goods safely, efficiently, and sustainably by bringing airplane speeds to the ground." At a Boring Company launch event, Elon Musk said: "The Loop is a stepping stone toward Hyperloop. The Loop is for transport within a city. Hyperloop is for transport between cities, and that would go much faster than 150 mph." What Happens Next The scale model tests will evolve into full-scale tests in China while other projects across the world continue to advance.
Yahoo
an hour ago
- Yahoo
Tencent Said to Study Deal for $15 Billion Game Developer Nexon
(Bloomberg) -- Tencent Holdings Ltd. is studying a potential deal for Nexon Co., as the Chinese internet giant looks for ways to bolster its lucrative gaming operations, people with knowledge of the matter said. Shuttered NY College Has Alumni Fighting Over Its Future Trump's Military Parade Has Washington Bracing for Tanks and Weaponry NYC Renters Brace for Price Hikes After Broker-Fee Ban NY Long Island Rail Service Resumes After Grand Central Fire Do World's Fairs Still Matter? Shenzhen-based Tencent has reached out to the family of Nexon's late founder Kim Jung-ju to discuss the possibility of an acquisition, the people said, asking not to be identified because the information is private. Kim's family has been speaking to advisers and evaluating options, according to the people. Kim's relatives hold their stake through family investment firm NXC Corp., which — together with affiliated unit NXMH BV — owned 44.4% of Nexon as of June 30, according to Nexon's interim report. Kim's wife and daughters own about 67.6% of NXC. It's unclear how receptive NXC is to a sale of the Nexon holding, and there's no certainty Tencent's deliberations will lead to a transaction, the people said. The structure of any deal hasn't been finalized, they added. A representative for Tencent didn't respond to a request seeking comment, while Nexon and NXC declined to comment. The move comes as Tencent, which already pursued an acquisition of Nexon in 2019, makes fresh forays into other South Korean assets. A subsidiary agreed to buy a nearly 10% stake in Seoul-based music producer SM Entertainment Co. in late May, just as an unofficial ban on K-pop in mainland China wanes. Known for role-playing games like MapleStory, Nexon was founded in South Korea in 1994 and listed in Japan in 2011, in one of the biggest tech-related initial public offerings at the time. Nexon shares have climbed more than 10% in Tokyo trading this year, giving the company a market value of about $15 billion. Changes in the shareholding structure after Kim's death in 2022 could complicate any deal. Family members handed the Korean government a stake in the NXC holding company in 2023 to settle an inheritance tax bill. Kim's wife and two daughters inherited his stake in NXC after he died in Hawaii. The family also sold treasury shares in NXC back to the holding company for 650 billion won ($478 million) in August. The Korean government has sought to sell its holding but failed to find a suitor, local media reported. Shares of rival game developers like Ubisoft Entertainment SA, GungHo Online Entertainment Inc. and Sega Sammy Holdings Inc. have declined this year. While Nexon shares are up in 2025, they're nearly 30% off a peak in 2021. NXC explored a sale of its Nexon stake six years ago, attracting interest from Tencent as well as buyout firms such as KKR & Co. and Hillhouse. The sale process was eventually shelved because of a failure to agree on price, Bloomberg News reported at the time. Nexon and Tencent have already worked together, developing Dungeon & Fighter, a key revenue generator. In March, Tencent agreed to invest €1.16 billion ($1.3 billion) for a 25% stake in a new Ubisoft unit that holds the rights to intellectual properties including Assassin's Creed. Nexon's first-quarter net sales totaled about ¥114 billion, while net income was ¥26 billion. --With assistance from Sohee Kim and Zheping Huang. New Grads Join Worst Entry-Level Job Market in Years American Mid: Hampton Inn's Good-Enough Formula for World Domination The Spying Scandal Rocking the World of HR Software The SEC Pinned Its Hack on a Few Hapless Day Traders. The Full Story Is Far More Troubling Cavs Owner Dan Gilbert Wants to Donate His Billions—and Walk Again ©2025 Bloomberg L.P.
