The U.S. government has renewed funding for the Common Vulnerabilities and Exposures (CVE) Program, a critical database for tracking cybersecurity flaws, just hours before its funding was set to expire. Established 25 years ago, the CVE program assigns unique identifiers to security vulnerabilities, facilitating consistent communication across the cybersecurity landscape. The renewal of funding comes amid concerns that without it, new vulnerabilities could go untracked, posing risks to national security and critical infrastructure. In response to the funding uncertainty, two initiatives emerged: the CVE Foundation, a nonprofit aimed at ensuring the program's independence, and the Global CVE Allocation System, a decentralized platform introduced by the European Union.

In addition to the CVE funding situation, Oregon Senator Ron Wyden has blocked the nomination of Sean Planky to lead the Cybersecurity and Infrastructure Security Agency (CISA) due to the agency's refusal to release a crucial unclassified report from 2022. This report details security issues within U.S. telecommunications companies, which Wyden claims represent a multi-year cover-up of negligent cybersecurity practices. The senator argues that the public deserves access to this information, especially in light of recent cyber threats, including the SALT typhoon hack that compromised sensitive communications.

The cybersecurity landscape is further complicated by significant layoffs at CISA, which could affect nearly 40% of its workforce, potentially weakening U.S. national security amid rising cyber threats. Recent cuts have already impacted critical personnel, including threat hunters, which could hinder the agency's ability to share vital threat intelligence with the private sector. Meanwhile, the Defense Digital Service at the Pentagon is facing a mass resignation of nearly all its staff, following pressure from the Department of Government Efficiency, which could effectively shut down the program designed to accelerate technology adoption during national security crises.

On the technology front, OpenAI has released new AI reasoning models, O3 and O4 Mini, but notably did not provide a safety report for the new GPT-4.1 model, raising concerns about transparency and accountability in AI development. The lack of a safety report is particularly alarming as AI systems become more integrated into client-facing tools. Additionally, SolarWinds Corporation has been acquired by Ternerva Capital, prompting managed service providers (MSPs) to reassess their dependencies on SolarWinds products and consider the implications for product roadmaps and support guarantees.

Four things to know today

00:00 From Panic to Pivot: U.S. Saves CVE Program at the Eleventh Hour

04:17 A Cybersecurity Meltdown: One Senator Blocks, Another Leader Quits, and a Whole Pentagon Team Walks Out

08:54 OpenAI Just Leveled Up AI Reasoning—But Left Out the Fine Print

11:45 SolarWinds Is Private Again: What That Means for MSPs Watching the Roadmap

Supported by:  https://www.huntress.com/mspradio/

https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship

Join Dave April 22nd to learn about Marketing in the AI Era.  Signup here:  https://hubs.la/Q03dwWqg0

All our Sponsors:   https://businessof.tech/sponsors/

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/

Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/

Support the show on Patreon: https://patreon.com/mspradio/

Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech

Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com

Follow us on:

LinkedIn: https://www.linkedin.com/company/28908079/

YouTube: https://youtube.com/mspradio/

Facebook: https://www.facebook.com/mspradionews/

Instagram: https://www.instagram.com/mspradio/

TikTok: https://www.tiktok.com/@businessoftech

Bluesky: https://bsky.app/profile/businessof.tech