284

US abruptly turns off funding for CVE program (www.theregister.com)

submitted 3 months ago by [email protected] to c/[email protected]

26 comments fedilink hide all child comments

cross-posted from: https://lemmy.bestiver.se/post/328810

Comments

all 28 comments

sorted by: hot top new old

[-] [email protected] 69 points 3 months ago* (last edited 3 months ago)

What an astoundingly stupid idea. I can't think of many programs that deliver more value per dollar for everyone who develops or uses technology than the CVE program. This administration keeps raising the bar for stupidity.

[-] [email protected] 20 points 3 months ago

But CVE hurts Trump's people, the scam artists and spammers and of course his buddies in Russia.

[-] [email protected] 58 points 3 months ago

Let me guess, DOGE bros didn't know what it was?

[-] [email protected] 49 points 3 months ago

DOGE tech bros 100% know what it is. But they're also probably the kind of devs that hate fixing issues surfaced by CVE's in dependencies. Have seen my fair share of these types of 'engineers'. Same kind of folks who see qa and testing as the enemy.

[-] [email protected] 20 points 3 months ago

They're script kiddies, they use CVE to figure out which hacking scripts to use to break into servers that haven't been updated in years.

[-] [email protected] 4 points 3 months ago

I don't think they're this savvy, this is likely just another one of Putin's orders.

[-] [email protected] 1 points 3 months ago

If that were the case, they'd want to keep it going.

[-] [email protected] 2 points 3 months ago

I'm honestly not so sure, they are really clueless when it comes to technology.

[-] [email protected] 1 points 3 months ago

I was more implying that if this blows up in the their face, the public statement will be it was a mistake, made from ignorance, to evade responsibility. Sorry if that didn't come off clearly. Making sure implication gets across online sucks.

[-] [email protected] 1 points 3 months ago

They absolutely know, they want to avoid the accountability of acknowledging and fixing vulnerabilities, which is why they're trying to kill CVE.

[-] [email protected] 30 points 3 months ago

they have actually prepared for this

https://www.thecvefoundation.org/

[-] [email protected] 2 points 3 months ago

Thanks for sharing!🤗

[-] [email protected] 26 points 3 months ago

All part of the plan to let Russian hackers take whatever they want.

[-] [email protected] 12 points 3 months ago

China: Don't mind if I do!

[-] [email protected] 21 points 3 months ago

Goddamnit.

[-] [email protected] 19 points 3 months ago

Trump was so right - I'm very sick of "winning".

[-] [email protected] 15 points 3 months ago

This is an oddly close timing with 4chan getting hacked and leaking a bunch of user and mod accounts with .gov emails in them

[-] [email protected] 13 points 3 months ago

This is one of the worst acts of DOGE, fucking assholes.

[-] [email protected] 9 points 3 months ago

“Stupid face, you don’t need that nose!” - America

[+] [email protected] 7 points 3 months ago* (last edited 1 week ago)

[deleted]

[-] [email protected] 3 points 3 months ago

The site needs to be scraped asap, and a clone needs to happen asap.

[-] [email protected] 2 points 3 months ago

One of the benefits of it being such a widely used system is that we don't need to make a special effort to do so. It's already been aggregated and copied around as part of routine optimization by any number of security conscious engineers who aren't trying to make the world a worse place.

I've personally worked on at least three systems at two employers where making an automated copy of the data regularly was just an early optimization and matter of etiquette.

It's a good opportunity to learn how to do it though! You have or can get all the tools you need on your computer.

[-] [email protected] 1 points 3 months ago

No. MITRE is a federally funded research and development center (FFRDC). The only customer it's allowed to have is the US government.

[-] [email protected] 5 points 3 months ago

This is awful.

[-] [email protected] 3 points 3 months ago

What's more free than exposing all your vulnerabilities?

MURICAAAAAA baby

[-] [email protected] 2 points 3 months ago* (last edited 3 months ago)

No one has mentioned anything about how CISA -- as gutted as they are -- has stepped up to ensure funding for the next 11 months. CVEs aren't going anywhere.

[-] [email protected] 1 points 2 months ago

Oh God no. Not that...

this post was submitted on 16 Apr 2025

284 points (98.3% liked)

Cybersecurity

7839 readers

26 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

[email protected]