this post was submitted on 16 Apr 2025

286 points (98.3% liked)

Cybersecurity

9901 readers

125 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

286

US abruptly turns off funding for CVE program (www.theregister.com)

submitted 1 year ago by floofloof@lemmy.ca to c/cybersecurity@sh.itjust.works

25 comments fedilink hide all child comments

cross-posted from: https://lemmy.bestiver.se/post/328810

Comments

all 28 comments

sorted by: hot top controversial new old

[–] Vorticity@lemmy.world 69 points 1 year ago* (last edited 1 year ago) (1 children)

What an astoundingly stupid idea. I can't think of many programs that deliver more value per dollar for everyone who develops or uses technology than the CVE program. This administration keeps raising the bar for stupidity.

[–] taladar@sh.itjust.works 20 points 1 year ago

But CVE hurts Trump's people, the scam artists and spammers and of course his buddies in Russia.

[–] Jiggle_Physics@sh.itjust.works 58 points 1 year ago (2 children)

Let me guess, DOGE bros didn't know what it was?

[–] Brownboy13@lemmy.world 49 points 1 year ago (3 children)

DOGE tech bros 100% know what it is. But they're also probably the kind of devs that hate fixing issues surfaced by CVE's in dependencies. Have seen my fair share of these types of 'engineers'. Same kind of folks who see qa and testing as the enemy.

[–] jonne@infosec.pub 20 points 1 year ago (2 children)

They're script kiddies, they use CVE to figure out which hacking scripts to use to break into servers that haven't been updated in years.

[–] whostosay@lemmy.world 4 points 1 year ago

I don't think they're this savvy, this is likely just another one of Putin's orders.

[–] weirdboy@lemm.ee 1 points 1 year ago

If that were the case, they'd want to keep it going.

[–] expr@programming.dev 2 points 1 year ago

I'm honestly not so sure, they are really clueless when it comes to technology.

[–] Jiggle_Physics@sh.itjust.works 0 points 1 year ago

I was more implying that if this blows up in the their face, the public statement will be it was a mistake, made from ignorance, to evade responsibility. Sorry if that didn't come off clearly. Making sure implication gets across online sucks.

[–] Waldo82@sh.itjust.works 1 points 1 year ago

They absolutely know, they want to avoid the accountability of acknowledging and fixing vulnerabilities, which is why they're trying to kill CVE.

[–] exposable_preview@slrpnk.net 30 points 1 year ago (1 children)

they have actually prepared for this

https://www.thecvefoundation.org/

[–] recursive_recursion@lemmy.ca 2 points 1 year ago

Thanks for sharing!🤗

[–] IllNess@infosec.pub 26 points 1 year ago (1 children)

All part of the plan to let Russian hackers take whatever they want.

[–] Telorand@reddthat.com 12 points 1 year ago

China: Don't mind if I do!

[–] dohpaz42@lemmy.world 21 points 1 year ago

Goddamnit.

[–] atzanteol@sh.itjust.works 19 points 1 year ago

Trump was so right - I'm very sick of "winning".

[–] Boomkop3@reddthat.com 15 points 1 year ago

This is an oddly close timing with 4chan getting hacked and leaking a bunch of user and mod accounts with .gov emails in them

[–] Tiger@sh.itjust.works 13 points 1 year ago

This is one of the worst acts of DOGE, fucking assholes.

[–] Semi_Hemi_Demigod@lemmy.world 9 points 1 year ago

“Stupid face, you don’t need that nose!” - America

[+] rpl6475@lemmy.ml 7 points 1 year ago* (last edited 9 months ago) (2 children)

[deleted]

[–] whostosay@lemmy.world 3 points 1 year ago (1 children)

The site needs to be scraped asap, and a clone needs to happen asap.

[–] ricecake@sh.itjust.works 2 points 1 year ago

One of the benefits of it being such a widely used system is that we don't need to make a special effort to do so. It's already been aggregated and copied around as part of routine optimization by any number of security conscious engineers who aren't trying to make the world a worse place.

I've personally worked on at least three systems at two employers where making an automated copy of the data regularly was just an early optimization and matter of etiquette.

It's a good opportunity to learn how to do it though! You have or can get all the tools you need on your computer.

[–] signalsayge@lemm.ee 1 points 1 year ago (1 children)

No. MITRE is a federally funded research and development center (FFRDC). The only customer it's allowed to have is the US government.

[–] pineapplelover@lemm.ee 3 points 1 year ago

What's more free than exposing all your vulnerabilities?

MURICAAAAAA baby

[–] starkzarn@infosec.pub 2 points 1 year ago* (last edited 1 year ago)

No one has mentioned anything about how CISA -- as gutted as they are -- has stepped up to ensure funding for the next 11 months. CVEs aren't going anywhere.

[–] Outtatime@sh.itjust.works 1 points 1 year ago

Oh God no. Not that...