The government will continue funding the Common Vulnerabilities and Exposures (CVE) program. In a statement to The Verge, US Cybersecurity and Infrastructure Agency (CISA) spokesperson Jared Auchey said it “executed the option period on the contract to ensure there will be no lapse in critical CVE services” last night.
Usually the goal when funding stuff like this is to buy some influence to control major decisions. I wouldn’t put it beyond an independent foundation, to take just one example, to drastically reduce the deadlines between confidential disclosure and public release where some government or corporate controlled organization might set some that are more made for the slow speed of large org bureaucracy.