this post was submitted on 16 Apr 2025
307 points (99.4% liked)

Memes

51595 readers
1650 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 6 years ago
MODERATORS
gary_host_laptop@lemmy.ml
sexy_peach@feddit.de
cyclohexane@lemmy.ml
cypherpunks@lemmy.ml
307
CVE program (lemmy.ml)
submitted 3 months ago* (last edited 3 months ago) by cypherpunks@lemmy.ml to c/memes@lemmy.ml
20 comments fedilink hide all child comments
 

References:

top 20 comments
sorted by: hot top controversial new old
[–] Sickos@hexbear.net 55 points 3 months ago* (last edited 3 months ago) (2 children)

Ooooooooooooooooooh shiiiiiiiiiiit that's not good

Like, for anybody who already understands that everything to do with computers talking to each other is basically held together with spit and tape, they're defunding the tape

CVE is THE definitive central source for "fix this potential hack now plz"--at least for things the US thought was too dangerous to keep secret for their own sneaky purposes. Oldheads may remember getting alerts from CERT.

I assume, being a public-facing service, that it wasn't profitable and therefore it's inefficient.

Like, EU CVD/CSIRT will undoubtedly step in to close that gap, but burning this is insane.

[–] Sickos@hexbear.net 39 points 3 months ago (1 children)

This is sticking your dick in a toaster levels of stupid

[–] LodeMike@lemmy.today 18 points 3 months ago (2 children)
[–] Sickos@hexbear.net 9 points 3 months ago (1 children)

he-laughed this must have been embedded in my subconscious

[–] nightwatch_admin@feddit.nl 5 points 3 months ago (1 children)

!AccidentallyNotTheOnion@feddit.nl

[–] LodeMike@lemmy.today 3 points 3 months ago (1 children)

No posts :3

[–] nightwatch_admin@feddit.nl 3 points 3 months ago (1 children)

Sorry. A community like that would have a place these days, right?

[–] LodeMike@lemmy.today 2 points 3 months ago (1 children)

IDK.

I'm saying "make the first post"

[–] nightwatch_admin@feddit.nl 4 points 3 months ago (1 children)

What, and end up a Mod? No thanks

[–] LodeMike@lemmy.today 2 points 3 months ago* (last edited 3 months ago) (1 children)

I'm the mod of !copypasta@lemmy.ml I think

Edit: no !copypasta@sh.itjust.works

[–] nightwatch_admin@feddit.nl 3 points 3 months ago (1 children)

You are safe, it’s someone else

[–] LodeMike@lemmy.today 3 points 3 months ago

See edit

[–] Sickos@hexbear.net 15 points 3 months ago

wild doomer speculationOh, oh shit this might be followed by a play to make it illegal to report vulnerabilities to other countries.

[–] mannycalavera@feddit.uk 34 points 3 months ago (1 children)

The program will be picked up by others in the fullness of time. It's a shit move, for sure, but I bet the calculus here is that the US will still benefit from someone else doing the hard work but without paying for it.

The only thing the US loses here is prestige. And I'm totally fine with that.

[–] Franklin@lemmy.ca 14 points 3 months ago* (last edited 3 months ago) (1 children)

i don't think so, the reality is the scale of these programs often benefit from the reach and predictable finding government provides.

it's the same reason that foreign charities for medicine are most effective when done at a government level.

[–] mannycalavera@feddit.uk 2 points 3 months ago (1 children)

You don't think the program will be picked up by another government actor? It's only the US that can do this?

Hmmm 🤔. I think that given how important the work is some other government organisation will absolutely pick up the work if the US want to wash their hands of it.

[–] Franklin@lemmy.ca 6 points 3 months ago (1 children)

sorry I thought you meant it would be picked up by the private sector I merely misunderstood

[–] mannycalavera@feddit.uk 3 points 3 months ago

Ahh no worries ☺️. All good.

[–] Sickos@hexbear.net 9 points 3 months ago

It's back https://www.techradar.com/pro/security/funding-for-the-critical-cve-security-detection-system-renewed-just-hours-before-deadline