
Can We Trust CVE?


If you are a security nerd, and even if you’re not, you’ve probably heard about the epic CVE mess that happened. It’s a very long story and was covered in many places, but the TL;DR is that the funding for CVE fell through, panic ensued, then CISA found some temporary funds to keep the lights on, so everything is fine and we can all go back to normal. Well, some of us won’t go back to normal, because the CISA funding is good for 11 months. Will there be more funding in 11 months? Will an asteroid destroy the Earth in 2032? Will society still exist at Christmas? Nobody really knows. Well, that asteroid one, we sort of know that. We’ll be fine. Yay science!

So if I was going to create a diagram of how the CVE program works, how CISA, MITRE, NVD, DHS, and a bunch of other acronyms are related to the project, it would be something no human could comprehend. OWASP announced a project called Unified Framework for Global Vulnerability Intelligence, which is a very long name, but is probably well positioned. If this is a topic you’re interested in, there’s a Discord chock-full of people discussing vulnerability things; feel free to join.
