Conversation

Notices

1. Embed this notice
   Brodie Robertson (brodieonlinux@mstdn.social)'s status on Thursday, 17-Apr-2025 10:33:03 JST Brodie Robertson

   Looking at the MITRE stuff, one of 2 things needs to happen, major world powers need to come together to create a worldwide central CVE database that doesn't collapse if one country pulls out, or alternatively the system needs to become hyper decentralized

   • Embed this notice
     Brodie Robertson (brodieonlinux@mstdn.social)'s status on Thursday, 17-Apr-2025 10:36:13 JST Brodie Robertson

     in reply to

     • Xe :verified:

     @cadey the main problem is becoming a CNA is still a centralized process with a single point of failure

   • Embed this notice
     Xe :verified: (cadey@pony.social)'s status on Thursday, 17-Apr-2025 10:36:14 JST Xe :verified:

     in reply to

     @BrodieOnLinux The EU has a vuln DB fwiw: https://euvd.enisa.europa.eu/

   • Embed this notice
     Brodie Robertson (brodieonlinux@mstdn.social)'s status on Thursday, 17-Apr-2025 19:53:01 JST Brodie Robertson

     in reply to

     • TheFrenchGhosty

     @TheFrenchGhosty There already is the CNNVD which tends to have higher CVE coverage but is slower to update CVEs as they get resolved.

   • Embed this notice
     TheFrenchGhosty (thefrenchghosty@libretooth.gr)'s status on Thursday, 17-Apr-2025 19:53:02 JST TheFrenchGhosty

     in reply to

     @BrodieOnLinux China will just end up doing it, and they'll surely do it better

   • Embed this notice
     Brodie Robertson (brodieonlinux@mstdn.social)'s status on Friday, 18-Apr-2025 09:03:23 JST Brodie Robertson

     in reply to

     • Xe :verified:

     @cadey @ariadne Oh I was entirely unaware of that

   • Embed this notice
     Xe :verified: (cadey@pony.social)'s status on Friday, 18-Apr-2025 09:03:24 JST Xe :verified:

     in reply to

     @BrodieOnLinux Yeah that's kinda unsolveable without a proper distributed vuln tracking proposal. I know @ariadne is doing something along that line (OpenVEX).