
Trump defunded the CVE program, the global de facto standard for software vulnerability tracking

so was this waste, fraud, or abuse?

Right now while the orange monkey distracts everyone Voight and his minions are breaking as much shit as they can.
 


The mind boggles.
Let's throw away all of the locks, build a wall that has no real purpose, and make friends with our enemies. Traitor in the WH.
 
Just playing devil’s advocate here—but this program is pretty well established and I assume ISVs (especially MS, Facebook, Google, Amazon, Apple etc.) are more than capable of funding the program as an ongoing concern. Will this really change anything?
 
Just playing devil’s advocate here—but this program is pretty well established and I assume ISVs (especially MS, Facebook, Google, Amazon, Apple etc.) are more than capable of funding the program as an ongoing concern. Will this really change anything?
I would want tech vulnerability tracking managed by an impartial body, rather than a company deciding to move the goalposts, play revisionism games, or deprioritize requests from competitors in a way that it considers to be personally beneficial, which is almost never beneficial to anyone else. Furthermore, most software companies believe that information transparency and security are mutually exclusive elements, which goes against the very core of an open vulnerability reporting system.

Government backing (normally, GQP bizarroverse aside) adds stability, the body doesn't have to worry about funding.
 
Just playing devil’s advocate here—but this program is pretty well established and I assume ISVs (especially MS, Facebook, Google, Amazon, Apple etc.) are more than capable of funding the program as an ongoing concern. Will this really change anything?

Does it make sense to have software companies control the purse strings of an organization tasked with finding and reporting CVEs in those companies' software?
 
Does it make sense to have software companies control the purse strings of an organization tasked with finding and reporting CVEs in those companies' software?
An individual company, no—but as a collective, there are tons of industry consortia that set standards for everything and are not truly regulated. I just thought this would be one instance where government funding/control isn’t necessary.

Sounds like that’s what’s happening in this case—https://www.thecvefoundation.org/home

I agree this was a ham-handed way to abruptly cancel funding without adequate warning, a public comment period, or contingency plans to properly transition to an independent foundation.
 
An individual company, no—but as a collective, there are tons of industry consortia that set standards for everything and are not truly regulated. I just thought this would be one instance where government funding/control isn’t necessary.

Sounds like that’s what’s happening in this case—https://www.thecvefoundation.org/home

I agree this was a ham-handed way to abruptly cancel funding without adequate warning, a public comment period, or contingency plans to properly transition to an independent foundation.
You're right that they could easily pivot away from the status quo (didn't the feds already reverse this inane decision?). Even so, they won't drop the announced plans for a CVE Foundation. Trump admin is totally untrustworthy and incompetent. In the scope of the federal budget, this program doesn't even amount to bread crumbs. It's probably equivalent to the money they'll spend on a powder room for Pete Hegseth.

In semi-related news, didn't an important DoD cybersecurity group resign en masse?

Daddy Vladdy must be so proud of his lapdog Trump and we're not even 100 days in yet.
 