US abruptly turns off funding for CVE program (www.theregister.com)
from floofloof@lemmy.ca to cybersecurity@sh.itjust.works on 16 Apr 02:29
https://lemmy.ca/post/42370753

cross-posted from: lemmy.bestiver.se/post/328810

Comments

#cybersecurity

atzanteol@sh.itjust.works on 16 Apr 02:49

Trump was so right - I’m very sick of “winning”.

dohpaz42@lemmy.world on 16 Apr 03:02

Goddamnit.

IllNess@infosec.pub on 16 Apr 03:22

All part of the plan to let Russian hackers take whatever they want.

Telorand@reddthat.com on 16 Apr 05:23

China: Don’t mind if I do!

Jiggle_Physics@sh.itjust.works on 16 Apr 03:22

Let me guess, DOGE bros didn’t know what it was?

Brownboy13@lemmy.world on 16 Apr 04:09

DOGE tech bros 100% know what it is. But they’re also probably the kind of devs that hate fixing issues surfaced by CVEs in dependencies. Have seen my fair share of these types of ‘engineers’. Same kind of folks who see QA and testing as the enemy.

jonne@infosec.pub on 16 Apr 06:00

They’re script kiddies, they use CVE to figure out which hacking scripts to use to break into servers that haven’t been updated in years.

whostosay@lemmy.world on 16 Apr 07:02

I don’t think they’re this savvy, this is likely just another one of Putin’s orders.

weirdboy@lemm.ee on 18 Apr 02:14

If that were the case, they’d want to keep it going.

Jiggle_Physics@sh.itjust.works on 16 Apr 11:17

I was more implying that if this blows up in their face, the public statement will be it was a mistake, made from ignorance, to evade responsibility. Sorry if that didn’t come off clearly. Making sure implication gets across online sucks.

expr@programming.dev on 16 Apr 12:19

I’m honestly not so sure, they are really clueless when it comes to technology.

Waldo82@sh.itjust.works on 16 Apr 19:50

They absolutely know, they want to avoid the accountability of acknowledging and fixing vulnerabilities, which is why they’re trying to kill CVE.

Photuris@lemmy.ml on 16 Apr 03:23

This is awful.

Vorticity@lemmy.world on 16 Apr 03:26

What an astoundingly stupid idea. I can’t think of many programs that deliver more value per dollar for everyone who develops or uses technology than the CVE program. This administration keeps raising the bar for stupidity.

taladar@sh.itjust.works on 16 Apr 08:05

But CVE hurts Trump’s people, the scam artists and spammers and of course his buddies in Russia.

Semi_Hemi_Demigod@lemmy.world on 16 Apr 04:08

“Stupid face, you don’t need that nose!” - America

Boomkop3@reddthat.com on 16 Apr 04:14

This is an oddly close timing with 4chan getting hacked and leaking a bunch of user and mod accounts with .gov emails in them

rpl6475@lemmy.ml on 16 Apr 06:01

Can the EU ‘buy’ Mitre and continue the programme in Europe away from Russo-American hands?

whostosay@lemmy.world on 16 Apr 07:02

The site needs to be scraped asap, and a clone needs to happen asap.

ricecake@sh.itjust.works on 16 Apr 13:00

One of the benefits of it being such a widely used system is that we don’t need to make a special effort to do so. It’s already been aggregated and copied around as part of routine optimization by any number of security conscious engineers who aren’t trying to make the world a worse place.

I’ve personally worked on at least three systems at two employers where making an automated copy of the data regularly was just an early optimization and matter of etiquette.

It’s a good opportunity to learn how to do it though! You have or can get all the tools you need on your computer.

signalsayge@lemm.ee on 16 Apr 12:17

No. MITRE is a federally funded research and development center (FFRDC). The only customer it’s allowed to have is the US government.

rpl6475@lemmy.ml on 16 Apr 16:25

Fair enough. They should scrape all data, and fork a new version then.

Tiger@sh.itjust.works on 16 Apr 08:26

This is one of the worst acts of DOGE, fucking assholes.

exposable_preview@slrpnk.net on 16 Apr 10:49

They have actually prepared for this:

www.thecvefoundation.org

recursive_recursion@lemmy.ca on 18 Apr 01:57

Thanks for sharing! 🤗

pineapplelover@lemm.ee on 18 Apr 02:09

What’s more free than exposing all your vulnerabilities?

MURICAAAAAA baby

starkzarn@infosec.pub on 18 Apr 02:52

No one has mentioned anything about how CISA – as gutted as they are – has stepped up to ensure funding for the next 11 months. CVEs aren’t going anywhere.