609
CVE Board members launch the CVE Foundation, a dedicated, non-profit to continue identifying vulnerabilities, after the US ended its contract with Mitre (www.thecvefoundation.org)
submitted 2 months ago by Tea@programming.dev to c/technology@lemmy.world
37 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] wampus@lemmy.ca 2 points 2 months ago

Yeah, but that's sort of the point I was making.... it was a data repository used by "thousands and thousands" of security professionals and organizations. So people who were generating revenue off of the service. I mean, they're professionals, not hobbyists / home users.

I'm not an American, but in terms of everything running like a company/for profit, I'd say that its best if things are sustainable / able to self-maintain. If the US cutting funding means this program can't survive, that's an issue. If it has value to a larger community, the larger community should be able to fund its operation. There's clearly a cost to maintaining the program, and there are clearly people who haven't contributed to paying that cost.

In terms of going back to whatever, the foundation involved is likely to sort out alternative funding, though potentially with decreased functionality (it sounds like they had agreements to pay for secondary vulnerability report reviews, which will likely need to get scaled back). Maybe they'll need to add in a fee for frequent feed pulls, or something similar. I wouldn't say it's completely toast or anythin just yet.

[-] JasonDJ@lemmy.zip 1 points 2 months ago

Idk about Tenable specifically, but a lot of the major security vendors have their own pool of security researchers who very frequently contribute to CVE. Mostly from finding vulns in their own product, but a lot of those vulns are due to upstream libraries.

this post was submitted on 16 Apr 2025
609 points (99.5% liked)

Technology

72734 readers
1164 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws