this post was submitted on 16 Apr 2025
311 points (99.4% liked)

Memes

50550 readers
633 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 6 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
311
CVE program (lemmy.ml)
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
20 comments fedilink hide all child comments
 

References:

top 20 comments
sorted by: hot top controversial new old
[–] [email protected] 59 points 1 month ago* (last edited 1 month ago) (2 children)

Ooooooooooooooooooh shiiiiiiiiiiit that's not good

Like, for anybody who already understands that everything to do with computers talking to each other is basically held together with spit and tape, they're defunding the tape

CVE is THE definitive central source for "fix this potential hack now plz"--at least for things the US thought was too dangerous to keep secret for their own sneaky purposes. Oldheads may remember getting alerts from CERT.

I assume, being a public-facing service, that it wasn't profitable and therefore it's inefficient.

Like, EU CVD/CSIRT will undoubtedly step in to close that gap, but burning this is insane.

[–] [email protected] 41 points 1 month ago (1 children)

This is sticking your dick in a toaster levels of stupid

[–] [email protected] 20 points 1 month ago (2 children)
[–] [email protected] 11 points 1 month ago (1 children)

he-laughed this must have been embedded in my subconscious

[–] [email protected] 5 points 1 month ago (1 children)
[–] [email protected] 3 points 1 month ago (1 children)

No posts :3

[–] [email protected] 3 points 1 month ago (1 children)

Sorry. A community like that would have a place these days, right?

[–] [email protected] 2 points 1 month ago (1 children)

IDK.

I'm saying "make the first post"

[–] [email protected] 4 points 1 month ago (1 children)

What, and end up a Mod? No thanks

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (1 children)

I'm the mod of [email protected] I think

Edit: no [email protected]

[–] [email protected] 3 points 1 month ago (1 children)

You are safe, it’s someone else

[–] [email protected] 3 points 1 month ago

See edit

[–] [email protected] 16 points 1 month ago

wild doomer speculationOh, oh shit this might be followed by a play to make it illegal to report vulnerabilities to other countries.

[–] [email protected] 35 points 1 month ago (1 children)

The program will be picked up by others in the fullness of time. It's a shit move, for sure, but I bet the calculus here is that the US will still benefit from someone else doing the hard work but without paying for it.

The only thing the US loses here is prestige. And I'm totally fine with that.

[–] [email protected] 14 points 1 month ago* (last edited 1 month ago) (1 children)

i don't think so, the reality is the scale of these programs often benefit from the reach and predictable finding government provides.

it's the same reason that foreign charities for medicine are most effective when done at a government level.

[–] [email protected] 2 points 1 month ago (1 children)

You don't think the program will be picked up by another government actor? It's only the US that can do this?

Hmmm 🤔. I think that given how important the work is some other government organisation will absolutely pick up the work if the US want to wash their hands of it.

[–] [email protected] 6 points 1 month ago (1 children)

sorry I thought you meant it would be picked up by the private sector I merely misunderstood

[–] [email protected] 3 points 1 month ago

Ahh no worries ☺️. All good.

[–] [email protected] 9 points 1 month ago

It's back https://www.techradar.com/pro/security/funding-for-the-critical-cve-security-detection-system-renewed-just-hours-before-deadline