Cybersecurity @sh.itjust.works floofloof @lemmy.ca 4d ago

US abruptly turns off funding for CVE program

www.theregister.com Homeland Security funding for CVE program expires

Updated: Because vulnerability management has nothing to do with national security, right?

cross-posted from: https://lemmy.bestiver.se/post/328810

Comments

23 comments

No one has mentioned anything about how CISA -- as gutted as they are -- has stepped up to ensure funding for the next 11 months. CVEs aren't going anywhere.
What an astoundingly stupid idea. I can't think of many programs that deliver more value per dollar for everyone who develops or uses technology than the CVE program. This administration keeps raising the bar for stupidity.
- But CVE hurts Trump's people, the scam artists and spammers and of course his buddies in Russia.
Let me guess, DOGE bros didn't know what it was?
- DOGE tech bros 100% know what it is. But they're also probably the kind of devs that hate fixing issues surfaced by CVE's in dependencies. Have seen my fair share of these types of 'engineers'. Same kind of folks who see qa and testing as the enemy.
  
  They're script kiddies, they use CVE to figure out which hacking scripts to use to break into servers that haven't been updated in years.
  
  I'm honestly not so sure, they are really clueless when it comes to technology.
  
  I was more implying that if this blows up in the their face, the public statement will be it was a mistake, made from ignorance, to evade responsibility. Sorry if that didn't come off clearly. Making sure implication gets across online sucks.
- They absolutely know, they want to avoid the accountability of acknowledging and fixing vulnerabilities, which is why they're trying to kill CVE.
they have actually prepared for this

https://www.thecvefoundation.org/
- Thanks for sharing!🤗
All part of the plan to let Russian hackers take whatever they want.
- China: Don't mind if I do!
Goddamnit.
This is an oddly close timing with 4chan getting hacked and leaking a bunch of user and mod accounts with .gov emails in them
Trump was so right - I'm very sick of "winning".
This is one of the worst acts of DOGE, fucking assholes.
“Stupid face, you don’t need that nose!” - America
Can the EU 'buy' Mitre and continue the programme in Europe away from Russo-American hands?
- No. MITRE is a federally funded research and development center (FFRDC). The only customer it's allowed to have is the US government.
  
  Fair enough. They should scrape all data, and fork a new version then.
This is awful.

23 comments