Following a wave of security-pro support, nonprofit org Mitre announced today that its Common Vulnerabilities and Exposures (CVE) program has funding—for now, at least.

“The CVE site will not be going down today,” Mitre media spokesperson Lisa Fasold told IT Brew on April 16.

The news arrives after a government memo this week put the fate of one of cybersecurity’s most valuable resources—a massive catalog of existing software flaws often called the CVE—into question.

An internal message to a CVE board member, revealed on April 15, stated that the contracting path for the program would expire on April 16.

“Thanks to actions taken by the government, a break in service for the Common Vulnerabilities and Exposures (CVE) Program and the Common Weakness Enumeration (CWE) Program has been avoided. As of Wednesday morning, April 16, 2025, CISA identified incremental funding to keep the Programs operational,” Yosry Barsoum, VP and director for the Center for Securing the Homeland at Mitre, shared in an emailed statement with us.

Read the rest here.—BH

Landing a job as a software developer? Yay! Going through the hiring process to land it? Nay.

It’s a tough time to be a software developer looking for a new gig. A recent HackerRank report found that 74% of developers feel it is hard or very hard to get a job in tech today. The report, which queried more than 13,000 developers around the world, says the problem lies in how companies hire and evaluate talent, citing résumé filters, LeetCode-style tests, and “slow processes” as some points of friction.

Refurbished recruiting practices. Jimmie Lee, founder and CEO of JLee & Associates, a Bellevue, Washington-based technology advisory firm, told IT Brew that part of the reason behind the current unfavorable recruitment process is that the industry is in a buyer’s market, meaning the ball is in the court of those seeking out talent.

“Now, it’s flipped and there’s tons of talent, and companies don’t have to go over and above to hire that talent,” Lee said.

He added that the Covid-19 pandemic also caused a shift away from common practices, such as bringing applicants in to code on a whiteboard, toward conducting interviews largely online and with a bigger reliance on algorithmic testing.

Read more here.—BM

Going passwordless is difficult for a lot of companies, even the ones with “security” in the name.

Jim Taylor, chief product and technology officer (and resident IT professional) at RSA Security, spoke with IT Brew about lessons learned as he led the deployment of passkeys, biometrics, and other non-password implementations across the organization. Two major keys to passwordless success, he said, include having lots of options and lots of patience.

“There’s no big switch. I wish there was a big red button that you could just press and go, ‘Ta-da!’ with passwordless, right? It doesn’t work like that,” Taylor told IT Brew.

The best security is optionality. RSA began its efforts just under a year ago, according to Taylor, starting with enabling passwordless login on the company laptops—a “gateway,” he said, to initiate more passwordless options across the company.

If the company detects an elevated risk due to a factor like an unexpected login location, the system can trigger a secondary authentication method on the user’s phone, such as a push notification or QR code scan, according to Taylor. The out-of-band approach acts as extra security, given the unlikelihood that an attacker has access to both a laptop and a mobile device.

Keep reading here.—BH