Conversation

Notices

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 16-Apr-2025 05:20:25 JST Kevin Beaumont

If you think ‘not funding CVE is crazy, this should be a major news story!’ - just know, it won’t be, and almost every profession in the US is going through the same journey.
From scientists to public health to weather to everything else.. essential services people rely on, sometimes which are the difference between life and death, are being defunded. Every profession thinks their situation is unique. It sadly isn’t. We’re in the vibe based bonfire endgame.

In conversation about 23 days ago from cyberplace.social permalink
- Embed this notice
  dave (hologram@cyberplace.social)'s status on Wednesday, 16-Apr-2025 11:47:57 JST dave
  in reply to
  
  @GossiTheDog you may have seen https://cyberplace.social/@briankrebs@infosec.exchange/114343835645627478
  In conversation about 23 days ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: media.infosec.exchange
    
    BrianKrebs (@briankrebs@infosec.exchange)
    
    from BrianKrebs
    
    Attached: 1 image I boosted several posts about this already, but since people keep asking if I've seen it.... MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration Program, will expire on April 16. The CVE database is critical for anyone doing vulnerability management or security research, and for a whole lot of other uses. There isn't really anyone else left who does this, and it's typically been work that is paid for and supported by the US government, which is a major consumer of this information, btw. I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April. https://www.usaspending.gov/award/CONT_AWD_70RCSJ23FR0000015_7001_70RSAT20D00000001_7001 MITRE's CVE database is likely going offline tomorrow. They have told me that for now, historical CVE records will be available at GitHub, https://github.com/CVEProject Yosry Barsoum, vice president and director at MITRE's Center for Securing the Homeland, said: “On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE™) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”
- Embed this notice
  lambtor (lambtor@cyberplace.social)'s status on Thursday, 17-Apr-2025 01:17:11 JST lambtor
  in reply to
  
  @GossiTheDog the engine car that pulls humanity forward is being unhooked from the back.
  
  In conversation about 22 days ago permalink

Public

Conversation

Notices

Feeds