I really wish that this surprises me but it doesn't.
80 years of truly staggering amounts of soft power. Pissed away in just a few months. It would be hilarious if it wasn't so stupid and terrifying.
US government funding for the world's CVE program – the centralized Common Vulnerabilities and Exposures database of product security flaws – ends Wednesday. The 25-year-old CVE program plays a huge role in vulnerability management. It is responsible for overseeing the assignment and organizing of unique CVE ID numbers, such as …
I mostly agree but what is even more terrifying and stupid is $35T of debt. That is the real problem and both parties are responsible. If the US actually collapses there would be millions who die. I suspect 'we' are closer to that than anyone will admit. I say 'we' because the fallout would impact the whole world. But taken as an isolated program it makes no sense to cancel this.
Most of these cancelled programs return money to the economy in one way or another and pay for themselves (farm subsidy, direct to farmers, CVEs more circuitously) but they're government funded so it's not easy to see on a simple balance sheet.
Worst of all, they don't return profits to investors.
It's also worth noting that almost all the supposed savings are illusory. It's been suggested (with some apparent justification) that the real agenda is not so much financial as retributory.
I suspect this may be a prelude to offering out to private tender and making subscribers pay for the privilege. I mean, what could possibly go wrong if lots of generally available software contains bugs that only those who can afford to pay know about?
If nothing else does, civil law suits will end this nonsense as it will be far, far cheaper to pay for this than pay the inevitable compensation related to bugs that companies did know about but didn't inform their customers.
I had to re-read your comment.
And agree, yes, the cancelled programs/funding do produce an 'intangible' and significant return and it multiplies when the successful outcome ripples further than planned, e.g.:
--- US AID preventing global disastrous outcomes from taking place - diseases from spreading and saving lives by supplying a simple thing such as food and water
All of these cancellations/terminations are flat out retributory, primarily.
Secondarily, yes, this crazy, stupid, criminal orange buffoon in the Oval Office (who should NOT have been there in the first place) is granting free rein to his knee benders to kill off lawful venues to prevent (or attempt to) crime & corruption...
Venues (such as CVE) if allowed to retain its funding - would have likely saved more folks from committing suicide because they've been swindled by some criminal entity in Africa or Haiti or Serbia...
“ --- US AID preventing global disastrous outcomes from taking place - diseases from spreading and saving lives by supplying a simple thing such as food and water”
At the same time, Trump tries destroying the economy of Lesotho. Which dares making cheap clothes to the USA and therefore stealing from Trump.
For the Orange god is a very jealous god and will allow no stealing, except that he allows, and gets a cut of.
For our American readers if any of your neighbours complain about this just ask them "Who did you vote for" ?
Because if it was for the "Leopard face eating party," then this is exactly what they voted for.
The big tariffs sales taxes on overseas goods.
The "Small" govt that DOGE* is soooo busy enabling.
The petulant and thin-skinned man-child who wants to take over Harvard so he can prove how "Smart" he is.
*Which in addition to being some kind of crypto scam is also the name for the leader of Venice in the Middle Ages IIRC.
Well no, the evidence is you won't.
IIRC it was Columbia that tried that.
Didn't work.
Harvard have learned from that.
Like law firms are learning about what the FOCF wants from those who've pledged c$1Bn in pro-bono time.
For the FOCF it's not about the giving, it's about his enjoyment of taking.
From anyone, of anything.
I have no doubt that in some cases it stimulates and improves our way of life but I am not quite sure of your math.
Government prints money, causing the value of the dollar to drop which we see as inflation. The economy ( us ) has to pay that and the interest on that debt. A loss to the economy.
Some of the money makes it to where it's supposed to go and stimulates the economy, a plus.
From my point of view, it is a net loss for the economy as a portion went to overhead that produces nothing.
So -
It is up to us to make sure the economy profits from the money spent by placing it where it will make the lasting good that will also pay back the previous incurred debt. It is the same principle as your credit card. You buy food so you can work to pay the money back.
You're a short sighted fool if you believe the money doesn't end up back in the economy or benefit the country in one way or another.
Even the "overhead" is paid to citizens of the US and is spent, by them, in the self same economy.
The money that's spent on overseas aid is not altruism either, there's always a return on it, whether that's influence or opportunity.
It's the same with unemployment benefits, disability benefits, farm subsidies, food stamps etc. The money all ends up back in the economy and another side effect is that people live a happier life which is surely desirable?
Ac -
Not short sighted, but I have been diagnosed as near sighted, so I have glasses.
If the return you are referring to we would not have inflation. What you paid for groceries in 2020 would be the same in 2024.
There is simply a leak in our economy, where did that value go?
Both parties may be responsible but see if you can find a chart of national debt over time, and superimpose which party is in power
Meanwhile, consider that one reason the dollar has survived the high debt is because it is widely used for international trade, especially commodities (like oil.)
If the international community rebuild global trade without USA, they won't use the dollar. And, removed from the peg of commodities, what will stop the dollar from going into freefall?
It's one thing to identify that something is unsafe. It's another to deliberately crash it.
>I mostly agree but what is even more terrifying and stupid is $35T of debt.
$35T of debt is ~130% of USA GDP. That is relatively nothing. Japan is running about 220% and has been for years. UK's was 252% after WW2.
And that $35T actually owns stuff - like 640million acres of land. That alone is worth trillions. Add in the roads and other infrastructure and all your big weapon toys and there are assets that cover most of the costs. A few small tax increases and you could reduce it quite quickly if it was a problem - or just reduce the deficit and let inflation do its thing...
that debt is was happily bought by foreign investors who consider considered America both safe and a good place to invest.
FTFY
If the US wants to continue selling their debt they're going to have to jack up interest rates a lot.
When a UK PM has that effect on bonds their party can remove them in less time than it takes a lettuce to wilt.
Yeah, and DOG-E now themselves admit that they only will find "savings" in the range of the low 100 billions -- not the "Trillions and Trillions" advertised on the tin. This will amount to something less than 2% of the budget.
So bullshit all along, or as we have come to know it since 20 Jan, "Business As Usual".
$35T is a lot, $8.18T was added by the Home Alone 2 extra, the most by any president in a single term, Obama added $8.7T over 2 terms, a large amount of what the 2 time Playboy adult video extra added was for tax cut to the top 1% of the US, about $2T, so he has to take the blame for a lot of this. Next we can see that the cuts to the federal work force reduced the IRS by 6800 people, all of which were probationary employees hired under Biden's strategy of going after high income earner tax cheats, most of these people were on around $68k. In the tax year ending in 2024, the IRS estimated tax fraud cost the US ~$490Bn and have come out and said that in the tax year ending 2025, due to the reduction in staff numbers, there will be ~$500Bn more lost to tax fraud than in the previous year, for a total estimated ~$990Bn. I may be crazy, but it would make a lot more sense to employ more IRS investigators to go after this lost revenue than to sack them, that is unless you're not really that worried about the national debt but are worried about being caught defrauding the IRS. It's a similar story at the SEC.
Lots of fun characters around the world are looking to create some new mischief. Cue the NORKs, the "Internet Research Agency" in the USSR, etc.
Since a lot of the CVEs have to do with industrial control systems this could be a fun time to handle crises at major utilities.
Unfortunately the fine article doesn't mention how much the classification of those 40.000 2024 vulnerabilities cost. Is there any good reason why this money should come out of the USA taxpayers' pockets only? Is there a good reason why all this money ends up in US employees' pockets? Shouldn't the other international stakeholders pay their share (or get paid) for the operation of this useful service?
As the article said, one possibility is to fund this by voluntary contributions from companies. I honestly wouldn't be surprised if that happened because this is commonly used, though let's remember that sometimes, companies that do something like this try to exert some control over it, for example Google's version where you had to register with them for the privilege of reading it. If some other government wants to fund it, those of us who work in security will be happy to see their funding used to keep the service alive. The general utility of it is why it made sense to fund it as a public good, but I don't remember too many governments volunteering to help with the bill.
As for shouldn't non-Americans be paid for it, until now, the funding was coming from the US government. Is it that surprising that they chose a US institution to manage it? You can complain about it being US-run or you can complain about the US having to pay for all of it, but trying to complain about both simultaneously makes you sound like you just want to complain and are using all available paths to do so. The contract isn't clear about the amounts. From my reading, Mitre received $29 million for two years, but I'm not sure that all the $14.5 million annually went to the various databases listed. Mitre does various other things, and I don't know if any of those were also included in the contract.
I agree a lot of the anger from around the world at the economic moves is like children upset because Daddy has said time to get a job and make your own way in the world, I'm cutting your allowance. Daddy doesn't have a lot of choice or Daddy goes under. I hope the US does come back from the brink, as an open and free society although the odds are always against that. The leader of the "free" world has to be free itself. Free as in freedom not free as in money!
Hope isn't going to get you very far.
Remember where all that debt came from: you buying stuff you couldn't make. You still won't be able to make it and now people are already to buy less of the stuff you do make. They'll also be less willing to invest in your country to enable you to make more because investors want to see stability first.
No, hope isn't going to get you very far at all.
"I agree a lot of the anger from around the world at the economic moves is like children upset because Daddy has said time to get a job and make your own way in the world, I'm cutting your allowance."
I'm not sure whom you're agreeing with there, but if it was me as you pushed a reply button on my post, I don't think that. Any time funding for anything is cut, the people who used to receive it tend to react negatively, and if we anthropomorphize it a bit, the attitude isn't exactly wrong. However, if we're doing that to the recipient, we need to do it to the source of the funds as well. Using that analogy, not all of these are a parent cutting off an allowance. Sometimes, it's a person refusing to pay for things they needed and reacting badly to the loss of the thing they just cut.
Some things don't need government funding anymore, and the recipients will almost never acknowledge this and concede to ending the funding. Other things are not profit-making enterprises and provide a public benefit. For example, it's almost impossible to make money off a vulnerability database and have that database remain useful. Probably the closest you could get is charging people to access it and using the funds obtained from doing so to manage it while receiving reports for free. That destroys a lot of the benefit of tracking these things, since many groups will decide they can track things just fine without paying you and reporters may decide that there's little reason to spend the time sending reports to yet another database company that they can't read anyway. This mostly doesn't work as a for-profit operation. So our remaining options are 1) it's not worth doing because it doesn't provide enough benefit, 2) it's something private companies or someone else should pay for and we don't get enough benefit to try to facilitate it happening, 3) others could pay for it and it's important enough that we should try to make it happen, or 4) it's useful enough that funding it directly is worthwhile. I think the CVE database is either 3 or 4. The problem is that option 3 involves work, whereas option 2 is the lazy option which they've gone with instead.
There are lots of things governments spend on which they could cut, either entirely or significantly. To determine what they are, knowledgeable people need to review them, determine what benefit they provide, determine whether there is a different feasible way that benefit could be obtained, look for inefficiencies that could be removed, and create and execute a plan of action. That is a slow and boring process. Many governments have historically skipped it and just paid for something over and over again without trying to improve, and that causes problems. Skipping it the other way and just cutting things at random is at least as bad, and in practice, it's often much worse as there was a reason the things got added in the first place. That clear and organized efficiency process is not happening in the US today, so they will not get the benefit available from doing it.
The CVE database contains vulnerabilities for software written anywhere, including a lot of open source code. It is used everywhere to track and manage information about what is vulnerable and how to respond to those vulnerabilities. The US is not the only country that benefits from it, nor is it the only country that is responsible for the existence of vulnerabilities, as you know perfectly well. As my comment states, there are plenty of reasons why the US would benefit by continuing to fund it. However, your picture of a uniquely American problem is weird in its obvious inaccuracy.
To my mind the USA are losing (even more of) their status as a trusted partner. Why buy from a US company when they could suffer at any moment from a Trump-tantrum (Trumptrum ?) and not be able to provide what you need?
The F-35 program is suffering from this (https://theaviationist.com/2025/03/15/canada-reconsidering-f-35/) and no doubt other areas are also being hurt by this egotistical maniac.
And all this in 4 months, there are over 3.5 years of this to go!
The US is in deep doo-das. I suspect it was close to collapse. They wouldn't have cut their funding of all the overseas psyops, influence and colour revolutions otherwise. There are people, including powerful Americans who wanted collapse as they see it as a way of getting rid of that pesky democracy and waste of resource on people they think they can replace with AI in a decade's time. I think the global situation is far worse and more sinister than most realise. I have no idea if Trump is trying to save democracy or just wants to be the new gang boss.
Well, he's definitely not saving democracy, so put that out of your head for a start. Try reading the news - yesterday he stated that he wants to be able to deport anyone at all to a Honduran hell hole death camp with no due process. Just snatch them and that's them gone forever, out of reach of the courts.
That means you. *You* are personally at risk. "But I'm a citizen" doesn't matter - without a process to find out that you are, you're gone, head shaved, on a plane in shackles and cuffs and standard white keks, never to be seen again.
I think and hope the US wants true partners, not just those that want to suck at their nipple. They gave Europe and the UK a well deserved rocket up their backsides over censorship and democracy-harming behaviour, not that it seems to have made much difference so far. Many of you probably have no idea of the level of censorship and draconian "lawfare" that is being conducted in our countries. It is unparalleled and mostly going under the radar. It won't stay under the radar once all the pieces are in place. I sometimes despair that no one seems worried.
The US is a country where you're not allowed to protest against your elected representative lest you get tasered or charged with "vulgar language" which seems somewhat against that sainted 1st amendment right.
It's only the land of the free if you happen to be on side with the government.
Neither are we! The fact that you repeat that "talking point" shows your utter ignorance! What many states are doing is keeping literal pornography out of the hands of children. Which by the way, there are laws in every state making the exposure of pornography to children a crime! Some of these 'educators' are very lucky they were not arrested and put in jail!
The only ones being deported are
1. Those here illegally that have committed crimes. (btw, being here illegally IS A CRIME!)
2. Those on student visas engaged in anti-American activity. As a guest in our country, they should respect our country.
And, get a clue! Gerrymandering is literally written into the constitution! State legislatures are empowered to redraw congressional districts based on census data. How they do that is entirely up to them! I am sure you are OK with states drawing districts to ensure representatives are of a "certain skin color" which happens all over this country (and that skin color isn't white).
And lastly, your countries are throwing people in jail for saying things they don't like, for quietly praying near an abortion clinic, for speaking out against the rape of young girls.
So, you can take your outrage and shove it!
LOL. Someone has been listening to Russell Brand's hyperbole. No one was arrested for praying outside a clinic - they were arrested for breaching an order which created a buffer zone around the clinic because protesters were hassling patients. No one was arrested for speaking out about the rape of young girls, they were arrested for interfering with witnesses.
You say you like law and order, but only if it suits your world view.
So you can take your Thiel propaganda and stuff it where the sun doesn't shine, sunshine.
Good good, go find an actual reputable news source, and read it. Go read the court transcripts. Anything! Just pull your head out the arse of your glorious leader and take a look at what he's actually doing.
Article 1 only applies to full citizens, does it? Interesting take. And you've clearly not read anything about the man, a US citizen, who has been vanished into what is likely a Honduran prison/death camp along with a few hundred others for the crime of... Well, there's no crime, there wasn't even a hearing! And he's probably already dead.
Really? I can only hope those wishing these things on others get to experience them firsthand, themselves. And yes, this means you. I hope you get to experience the stripping of your rights, rather than some innocent who didn't push for them to be gone.
And you've clearly not read anything about the man, a US citizen, who has been vanished into what is likely a Honduran prison/death camp along with a few hundred others for the crime of...
The crime was wearing a black Chicago Bulls cap, because, well everybody knows that anyone wearing a black Chicago Bulls cap is a notorious Venezuelan gang member/terrierist.
Just ask Karen Bondi...she'll tell you, all right!
Quote
"1. Those here illegally that have committed crimes. (btw, being here illegally IS A CRIME!)"
no person shall be deprived of life, liberty, or property, without due process of law; US constitution 5th amendment
nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws.; US constitution 14th amendment.
Seems that under the US constitution, those illegally in the US still have rights until found guilty of said offences after due process. IE up in front of a judge and not some ICE official who sees a real madrid tattoo.
Another quote
"2. Those on student visas engaged in anti-American activity. As a guest in our country, they should respect our country."
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances ; US constitution 1st amendment
Also read the 2 amendments quoted above.
Whether you deem it 'anti-american' or not, anyone in the US is entitled to the same rights given to regular citizens, after all if foreign students in the US were suddenly given a $50 000 demand in order to keep their student visas, how would they be able to protest such a decision if they weren't covered by the amendments? Or is it your idea that all foreigners are 2nd class people not deserving of any rights?
Oh dear, do you have the MAGA cultist handbook shoved somewhere that the sun doesn't shine? You are just tediously repeating the same lies that Trump, his cronies and the trash at Fox news are blaring out all the time. Without firing a single neuron.
Please seek professional help. Urgently. This kind of mentality is not healthy - for anyone: you, your friends, your family, your co-workers. It is not a weakness to seek help.
Don’t forget attempting to take over universities so they only teach approved thought.
Or threatening to ‘review’ broadcast licenses for companies that have perceived ‘bias’.
>I'd suggest planning on at least 7.5, on the presumption that the two term limit will be abolished by the Orange Bully, using whatever abuses of power and process are required.
I know people can live longer on hatred and stupidity alone (see Kissinger or Murdoch as examples), but despite his medical report saying he is 6'3" and 224lbs with a resting HR of 62, I have similar stats and looking at his photos would give me body dysmorphia. His odds of being alive in 4 years is about 50%, and his odds of being capable of anything more than drooling is about 25%...
Vance doesn't have the MAGA cult fully behind him, at least not yet, and there will be a lot of backstabbing going on when Trump croaks. The likes of Waltz, Miller, Gaetz and Rubio at each other's throats but without the weird charisma that appeals to the morons that voted for Trump. I'm actually looking forward to it, as it will probably tear the Republican party into at least two separate parties.
> Shouldn't the other international stakeholders pay their share
That is the direct Trumpian line: the US should pull out of anything where they are "being taken advantage of".
BUT even making "Is there any good reason why this money should come out of the USA taxpayers' pockets only?" the first - or only - question to ask is going about things arse backwards.
The first, the most important, question, whose answer overrules anything else, is: "Do we - the US - risk more costs by NOT having this programme?" (or "Are we getting our money's worth?" or "Will we really, really regret not spending this?" or a dozen other ways to ask the same thing). To which the answer is YES!
If we accept that the US taxpayer paying for this is in its own interests, should they keep it to themselves? Well, will that be cost-effective? Nope, of course it won't, don't be ridiculous. Bug hunting is a world-wide endeavour. If the US list is only visible to the US, why would anybody in any other country ever bother handing over information they've found? Especially if there was any cost attached to finding it. So should the US pay the costs of all these bug hunters across the globe just to fill the US database? Is there a cheaper option? How about - just let the database be readable by everyone and accept submissions by everyone. Not only does the US then gain even more for its money, it saves on having to set up the systems to prevent global access whilst still allowing full access within the US: unless a Great American Firewall sounds like something that ought to be built anyway.
The bottom line is that it is far, far cheaper to run a globally useful system like this than not to run it. Even when you just look at the cost benefits of one player.
To risk it just because you want to ask "why should we be the only ones to pay?" is the absolute epitome of cutting off one's nose to spite one's face. It is putting paranoia and xenophobia before even bothering to calculate the balance sheet.
"But, but, everyone else is ripping us off! They should pay! It doesn't matter if we are acting solely in our own interests, if *we* are getting far more value back than we are spending, *they* don't deserve to get anything for free!".
Ah, the clarion call of the truly mean spirited.
And those unable to comprehend Soft Power and that they are getting back even more value than they have bothered to write into their spreadsheets whilst reading the above: there is a reason why, when buying a business, you pay for the Goodwill that has been accrued.
In addition to that, there's a much easier solution if the bill needs to be smaller. Once the thing has been built, you now have a great way to suggest that maybe someone else should be paying for this. Go to some cloud companies and ask them if they'd kick in some donations. Set up a cybersecurity initiative between countries, they tend to announce one of those every few years, and get that consortium to fund it. It's much easier to convince others to pay for something when it's sharing in the costs of something they benefit from, something that's existed for years, and something they don't want to lose than it is to convince them to pick it up after it's been dropped in the bin. The primary reason you would cancel the contract is that you've decided the thing is not worth running.
Yes, in fact the whole program was supposed to be a commercial service but nobody ever expected that to fly. It was just the EU wonks trying to put a market spin on something they knew they needed for strategic / military reasons but didn't have the wider support to push it for that alone.
Now of course it seems like a very wise investment...
If you check, you'll probably find your phone is probably getting positioning data from satellites belonging to 4 constellations: GPS (US), Galileo (EU), Glonass (Russia) and BeiDou (China).
So, there's not much incentive for only one provider to turn off their constellation for general public use, because the average person on the street won't even notice. If they are all turned off, we, as a species probably have bigger problems than navigating to an address we haven't been to before.
The argument for Galileo was not about normal peace-time situations, but in some sort of conflict region when other big players decide to deny use of their own systems / degrade accuracy for that region as they have skin in the conflict's game.
In the past we assumed the USA would be on the side of 'the west' & democracy, while it was considered obvious that Russia and China would not cooperate even if just out of principle. Now all bets are off for GPS.
If your neighbour uses your car or electricity you experience real loss: fuel, wear, maintenance for the car, and an increased bill for the electricity.
GPS can't be "used up" or "worn out."
At best the loss is similar to that of patents or copyright. And the solution is the same - DRM GPS and watch the world switch to GLONASS or Galileo
You're American. I'd bet £10 on that.
Why are you so weirdly dead set against anything nice for people who aren't billionaires? Like passing a law to stop people picking apples in the park, or cutting the trees down, rather than just saying "Cool, someone who wants apples enough can go to the park and pick some"?
Yet Trump fans vote for anything that will keep them poor and thick, because they don't understand that they, as well as the poor they hate, are also poor.
It's a common strategy for people like Trump. For example, his casino pillaging:
1) Lie about personal assets and worth in order to secure a large short term loan. No need to worry about the repayment schedule.
2) Use this cash to buy controlling interest in an unfortunate business. For example, a casino.
3) Transfer the debt into the casino, instantly crippling the casino with debt repayments they can never afford
4) Pay self a huge salary and expenses because you are the most amazingest and bestest casino ever in world ever
5) When casino runs out of cash reserves, stop paying suppliers and staff but keep paying self.
6) Casino is declared bankrupt due to not paying suppliers and staff.
7) Someone buys the assets of the casino (just not the debt of course).
Win, win, win all around. Except for the suppliers who are small people who don't matter. The staff who are meaningless slaves and don't matter either. Where the debt goes, it doesn't matter but it will be passed onto somebody somewhere.
Repeat this with another casino or other business. Trump did this about six times? Always lying about "market conditions" being why "his" casinos failed all the while others survived just fine.
The initial lie about his assets and wealth was the key part of the criminal case against him - pull the rug out and everything else collapses.
Isn't ROW paying for it by buying products and services from those same US companies?
This whole mess is down to a supposed leader (and his supporters) being unable to look past the US$ as an arbiter of value. Thinking about Trump's background, and his approach to business, it shouldn't come as a surprise.
Well, there's the whole "taxation without representation" tea party to consider.
Whenever discussion about regulation of the Internet has come up - as it has done periodically for a long time, the concern has been that the pesky foreigners might want to further their own interests if they were allowed to participate on an equal basis.
The US has hitherto thought it to be in its best interests to keep the essential nuts and bolts of network & IT infrastructure where it can see them and maintains its dominant position through coughing up the coordination money while avoiding (at least the appearance of) overt control. If other countries are going to be expected to contribute formally, expect a protracted argument about how much and what they get in exchange.
If the US doesn't want to maintain its disproportionate influence, then of course the present expenditure is wasted, but if it does, it's actually getting a bargain.
Pricing in of external costs is one of my hobby horses, along with the importance of estimating lead times for substitution strategies when introducing significant policy changes.
Simple (simplistic?) version: If you want a small state, then you need to find a way for companies to pay for the mess they leave. And you need to phase in reductions over time to avoid economic disruption.
I'm all in favor of cancelling lots of automotive regulations. Remote kill switch is one of the newer ones I think is really dumb.
I don't buy a lot of airplanes but watch youtuber plane folks and some of those regulations for small planes seem suspect to me.
If CVE is valuable why does Uncle Sam have to be involved? Apple/IBM/Microsoft/etc can't figure out how to split up 30 million for something they find valuable?
If the US continues to "cut costs" on preventative/preemptive initiatives, the country may save money in the immediate term, but the costs will be far greater when the country is reacting to a preventable problem that disrupts critical services or industries. Just like the CDC and its role in reducing the impact of health crises, NOAA/FEMA and its role in reducing the impact of climate crises, the CVE program is a vital program for preventing major disruptions due to cybersecurity crises. Instead of proactively seeking out solutions to hazards and threats before they can impact the country, the Trump administration is choosing to retreat to a reactive position. The US can stop funding this vital work and let others fund and facilitate solutions, but it will either leave the US reliant on others to do work that is very much in the US's interests for maintaining a secure infrastructure/economy, or the US will end up having to pay more as multiple US agencies end up solving the same problems due to a lack of a central authoritative source.
Elon Musk's X corporation is formally announcing a new information security vulnerability tracking program called XVE.
Unlike MITRE's CVE program which cost US taxpayers $30M per year, XVE will run off of X's spare server capacity and be managed entirely through a Community Notes-style moderation system. X users will be able to comment on CVEs and post memes featuring cats, acts of teabagging, and cats teabagging. According to owner Elon Musk: "By giving threat actors, including ransomware gangs and national intelligence agencies, an equal voice in the vulnerability disclosure and rating system, we aim to maximize the lulz resulting from the reporting process. Vulnerabilities for X, Tesla and SpaceX products will be subject to a more rigorous and carefully-guarded management process."
Ok, I'll bite.
How long before the Elongated Muskrat monetises this? He'll probably start by making everyone who wants to view it sign up for X.... That's one way to stop the drop in users. Then it will cost you $10 per month to be able to contribute? All while he remains the world's richest blob of uselessness?
Who will oversee this to ensure that bugs in the software for say a Tesla's self driving are not hidden?
Avoid at all costs.
This post has been deleted by its author
That's an excellent way to ensure that nobody will report security issues anymore - ie. the exact opposite of the purpose of the CVE program.
Some of you people really need to learn how these things actually work before making "racist uncle at Christmas" type comments.
That's an excellent way to ensure that nobody will report security issues anymore - ie. the exact opposite of the purpose of the CVE program.
joepie91,
OK. There's an easy way round that problem. The CVE database pays the bug bounties to independent security researchers. Then charges the offending companies to cover up the bug until they've fixed it. There can be a loyalty program (for extra cash) to hide the bugs forever. Until they appear in the wild, at which point the offending company are fined even more. And then it's revealed that they paid to hide the bugs - unless they pay even more to cover up that they paid to cover up the original bug.
Meanwhile, the NSA gets first dibs on any bugs they like the look of, and they get covered up for free (at least if the company refuses to pay up to hide the bug).
I reckon this new tech-tax should be funding 50% of US government spending in no time...
The EU is making moves away from the US, considering it a "less-trusted", or "no-longer-trusted" partner.
Considering the benefit the EU gains from this database, would the EU be willing to host it, and pay for offices (located in the EU) and salaries for the people maintaining it?
About 30 seconds if Elongated Muskrat's past form is anything to go by.
Then he'll tell Trump to ignore it all and put another 100% on the tariffs he is imposing on the EU.
After all, the Orange Jesus thinks that the EU was created solely for the purpose of ruling the USA in trade.
EU deciding on something within 10 years ?... it must be some other EU then, since it is not about tax increases.
Except from having to build support for 16th century Danish written dialects used in Greenland, among all the other incompatible languages, it will take decades to build, since they probably need 5 Commission meetings to decide on the background colour.
It’s just ‘knowing cost of everything and value of nothing’ Beancounting, turbocharged by MAGA Ignorance. They probably hired some from Boeing.
I’d expect a Doge Tween involved in this too and people pushing the #MeToo movement back several decades like the terminally stupid and not best people … Kristin Noem/MTG
Trumpistan: Set the house on fire. Steal someone's water, claim to extinguish the fire, give water to cronies to water their plantations. Whine that all the others are free-riding on your extinguishing skills. Extort money from the others. Give loads of public money to cronies to deliver some petrol ("gas"). Sprinkle the petrol on nearby houses. Praise yourself for being the great (or is that "biggliest"?) leader. Stuff your gob with more burger. Crap panties and repeat.
I think the reason is connected to the animosity between the current administration and CISA. They're having their budget cut significantly, a lot of their staff fired, frequent condemnation from their boss, and suggestions that the entire institution be dismantled. The CVE database isn't being cut because someone knows what it is and has a problem with it. It's being canceled because the parent of the contract is being smashed with a hammer and the damage is rippling down.
"seems like a shot to the foot"
Quite possibly you hit the nail on the head. Shooting oneself in the foot was originally (WW1) intentional -- as a way to escape the trenches. All this paring down is also intentional -- the current powers hate intellectuals, whom they view as a threat to their unlimited freedom of action. So absolutely any knowledge-based enterprise is a "legitimate" target, regardless of consequences.
All this vulnerability research, tracking and publication can be scrapped to save money. Just give the Russians the user name and password for an unlimited unmonitored account. Security becomes superfluous and a valid target for efficiency savings.
(/s doesn't seem like the right choice. I /seriously believe this is DOGE's reasoning.)
Have you learnt anything at all helpful yet about the true virtual nature of realisable events and things and your spectator place in the disorder and CHAOS [Clouds Hosting Advanced Operating System] for the entertainment of madness and mayhem and hubris?
Or do you not think nor even imagine that such things just don’t happen ......if ever stealthily and anonymously driven by Otherworldly Sources and Alien Forces?
Would your knowing more than just a little about the true supernatural state of your virtual existence be a terrorising and/or enlightening quantum communications leap?
Ponder on this earlier iteration reflecting on it being something terrible and destructive ........... https://youtu.be/Poii8JAbtng?si=3ZwAR7mRxXWXI_de&t=290
No one would have believed, in the last years of the nineteenth century, that human affairs were being watched from the timeless worlds of space. No one could have dreamed that we were being scrutinised as someone with a microscope studies creatures that swarm and multiply in a drop of water. Few men even considered the possibility of life on other planets. And yet, across the gulf of space, minds immeasurably superior to ours regarded this earth with envious eyes, and slowly, and surely, they drew their plans against us...At midnight, on the 12th of August, a huge mass of luminous green gas erupted from Mars and sped towards Earth. Across two hundred million miles of void, invisibly hurtling towards us, came the first of the missiles that were to bring so much calamity to Earth. As I watched, there was another jet of gas. It was another missile, starting on its way...
And that's how it was for the next ten nights. A flare, spurting out from Mars. Bright green, drawing a green mist behind it; a beautiful, but somehow disturbing sight. Ogilvy, the astronomer, assured me we were in no danger. He was convinced there could be no living thing on that remote, forbidding planet...
The chances of anything coming from Mars are a million to one, he said
The chances of anything coming from Mars are a million to one...
But still, they come!
Then came the night the first missile approached Earth. It was thought to be an ordinary falling star, but the next day there was a huge crater in the middle of the Common, and Ogilvy came to examine what lay there. A cylinder, thirty yards across, glowing hot, and with faint sounds of movement coming from within. Suddenly the top began moving, rotating, unscrewing, and Ogilvy feared there was a man inside trying to escape. He rushed to the cylinder but the intense heat stopped him before he could burn himself on the metal...
The chances of anything coming from Mars are a million to one, he said
The chances of anything coming from Mars are a million to one...
But still, they come!
Yes, the chances of anything coming from Mars are a million to one, he said
The chances of anything coming from Mars are a million to one...
But still, they come!
It seems totally incredible to me now that everyone spent that evening as though it were just like any other. From the railway station came the sound of shunting trains, ringing and rumbling, softened almost into melody by the distance. It all seemed so safe and tranquil...
...... and ask yourself whether things have been changed and this time will everything be fundamentally different ‽ .
Would your knowing more than just a little about the true supernatural state of your virtual existence be a terrorising and/or enlightening quantum communications leap?
Well, what's it to be? A Catalogue of Reigns of Terror or a Never-Ending Series of Enlightening Quantum Communications Leaps ....... for that is the Current Present-Day-Running Stark Reality Choice being offered to y'all, and being further highlighted as more troublesome historically than creative here .... https://www.zerohedge.com/political/manufacturing-consent-what-about-manufacturing-rebellion
If that question relates specifically to the Current Present-Day-Running Stark Reality Choice being offered to y'all is one of a Catalogue of Reigns of Terror or a Never-Ending Series of Enlightening Quantum Communications Leaps is the answer simply the former introduces worlds of deeper and darker pain whilst the latter prevents and destroys them and their support agents and networks ..... a difference even the slowest of horses would notice and feel.
And if ever done right and creatively, rather than wrongly, does the Manufacturing of Consent Prevent Dissent Worthy of Rebellion.
And, believe it or believe it not ..... quite whether that be an Alien Art Phorm and Intellectual Bridge Too Far for HumanIT to cross in order to master command and control is another leading question being asked of y'all by Forces and Sources stealthily and anonymously driven so that they might know rather than just assume whether there be any possibility of positive mutually beneficial reinforcing engagement with, or any effective likelihood of negative destructive competition and opposition against their rapidly expanding and emerging influences/shenanigans/programs/pogroms/opportunities?
I/We Kid U Not. And in what major prime popular flavour would you like them delivered is another available choice for personal customisation/preternatural preference? As an Exotic Erotic Eastern Confection or a Wild Wacky Western Delight? Or a Divine Amalgam of Both?
@AMAFM
Many of us listened even *before* the launch, however the launches appear to have fascinated about 29% of the US voting population back in 2016, and it has carried through to the now rather destructive landing craters, including the disaster of global markets lately. Hopefully the fascination breaks before the critters get out of the cylinders.
They do. China already has a vulnerability database designed like the CVE system with strict laws mandating reports basically as soon as you think that maybe something might be exploitable. The main difference is that it's basically unavailable outside China and they do gather and hide vulnerabilities when they feel like it.
What happened to the old adage of "let's do a study into the effects of getting rid of x"? No, they just cut it. Because that's how Trump runs his businesses. And we all know how "successful" they are.
And we mustn't forget that businesses aren't democracies. But that's OK because he isn't worried about that.
I say this with a heavy sigh, but this might be a good thing if better funding can be secured from elsewhere. I believe there is a shared feeling among those who work closely with this data that the organisation has not been operating as well as it should for a while now. Seemingly urgent CVEs are known to languish in an "awaiting analysis" state for quite a while, and the scores assigned are often questionable, suggesting a lack of proper research.
With Trumpf anything that smacks of oversight is at risk.
This is totally in line with all the sacking of people in the Federal govt.
Oversight, regulation & protection are 'known' hindrances to 'making money !!!'
This is why Trumpf wants to go back to the 'Golden Age' of the US of A.
In the 'Golden Age' oversight, regulation & protection was minimal while profits were huge for the select few who owned everything.
I am sure the rest of the world would LIKE to fund many of the things that the US of A currently funds BUT the existing situation exists because 'owning' things gives the US of A advantages politically and otherwise.
If the US of A wants to have NONE of the advantages they currently have with these types of organisations then the rest of the world would be happy to take over.
Of course, the US of A would have to realise that they would then have to 'stand in line'/queue like the rest of us do now and would have NO priority at all !!!
:)
Distributed Weakness Filing (DWF) attempted to address a few issues, such as being able to get a vulnerability identifier in the first place. It also provided a place for CVEs not assigned by the traditional CNAs. One problem with the CNA system is that the CNA can reject the assignment outright, and many of the big software vendors are CNAs for their own software (Red Hat, Microsoft, Apache, etc).
How much are the US gov going to save on cancelling this, a few million a year? A lot to us mortals but what amounts to a rounding error on the government's balance sheet.
Considering how much the tech bros all donated to King Trump's inauguration, I'm sure if asked Musk, Bezos, Nadella, Ellison and Zuckerberg could all throw in a couple of million each and keep it going til at least the end of the Trump presidency, when the sane people might be back in charge.
The Mitre CVE program was useless since a while ago, as you cannot even view the CVE information in the CVE database (https://www.cve.org/) without having a vulnerable browser that does arbitrary remote code execution of whatever JavaScript a website throws at it (although it is sandboxed, sandbox bypasses keep getting found).
I do not admire (not actually) gratis, (not actually) source-available (proprietary) software (a lot of the time when I see software being labelled with "FOSS", it's either free software being insulted, or it's proprietary software).
"FOSS" is also an attempt to be neutral between the freedom of free software and the corporate serving of "open source", but it fails to be neutral; https://www.gnu.org/philosophy/floss-and-foss.html
FREE SOFTWARE; https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms
No, I have not used another name.
What happened to Distributed Weakness Filing (DWF)? The project was started in 2016, and El Reg reported on it[1], but it seems to have died. It tried to address some issues with CVE, foremost being getting an identifier in the first place. It was resurrected in 2021 according to LWN[2], but seems to have died again.
Incidentally, while trying to find DWF (I couldn’t remember the name), all searches seemed to point at gcve.eu, which, if the Github project for the web site is anything to go by, began only hours ago.
[1]: https://www.theregister.com/2016/03/09/hackers_spin_up_alternative_cve_system_as_bugs_go_unchecked/
[2]: https://lwn.net/Articles/851849/
Homeland Security had their benefits from seeing all the bugs and security holes as the first.
It will cost the American taxpayer much more if Homeland Security searches for these bugs by themselves.
I am sure MI6, or BND would be glad to finance the Mitre CVE program.
Whoever will be the future "sponsor", I hope it won't be the FSB.
There are various standards of security, procedural and technical which require a process for being up to date with vulnerability fixes. How will the US Military and other US and foreign Government Departments ensure that their equipment is patched and up to date without a standard reference for each known vulnerability?
I reckon that whoever decided on this is either exceptionally stupid, or expecting industry to blink first (and quite soon), as this is an enormously beneficial resource on which the US state itself depends.
The mind boggles.
Donald Trump has done the impossible: He's made the Chinese government, who sends its opponents to concentration camps, seem rational and trustworthy.
The PRC can pick up the CVE program. Think of it as strong synergy: they injected half the vulnerabilities into the supply chain, so they shouldn't be hard to find.
I do like the remark from CISA in the link you provided:
"We appreciate our partners’ and stakeholders’ patience.”
I can only assume that someone in there actually had the courage to say out loud about how vitally important CVE is for keeping the lights on (maybe mentioning little hiccoughs like the Russian attacks on Ukraine's power infrastructure a few years ago, or on a Baltic State's banking system, or, well, see articles in The Register for other horror stories).
That person, in this climate, deserves a medal.