| JayF | https://infosec.exchange/@briankrebs/114343835430587973 this is likely going to be a non-trivial impact to us. Tldr mitre and cves are going away | 13:03 |
|---|---|---|
| JayF | It looks like there might be some efforts to privatize this work into a foundation. It's very difficult to see exactly how it's going to shake out though. | 13:07 |
| rosmaita | and they're not going to have it all moved over today! this is crazy | 13:12 |
| JayF | At first I was wondering if there's anything maybe the foundation could do in this direction, but then I realized that while we're big, there really are going to be some 500 lb gorillas that are going to be attacking this problem | 13:16 |
| JayF | I'm sure our new overlords at the Lenox foundation are on it 😂 | 13:16 |
| JayF | **Linux | 13:16 |
| fungi | https://www.thecvefoundation.org/ | 13:19 |
| fungi | enough large corporations with deep pockets depend on mitre's work that private funding seems likely | 13:20 |
| rosmaita | yeah, so was the CVE Foundation launched today? | 13:21 |
| rosmaita | they do seem to be responding quickly | 13:21 |
| rosmaita | gotta say, i agree with Brian Krebs's comment on that post Jay linked: "Probably the last CVE indexed before it goes dark should be CVE-2025-DOGE (critical, local privilege escalation vulnerability that leads to malicious code execution and data exfiltration)." | 13:25 |
| fungi | yes, that foundation was created and announced today, seems like | 13:28 |
| JayF | https://www.forbes.com/sites/kateoflahertyuk/2025/04/16/cve-program-funding-cut-what-it-means-and-what-to-do-next/ Forbes has updated this post to indicate that the contract has been re-upped. I'd be surprised if it stays a public service instead of being privatized for long though. | 14:21 |
| JayF | If this was a scream test, good on the internet for screaming I guess | 14:21 |
| fungi | well, it was already privately operated, it merely received funding from the usg | 14:22 |
| fungi | but i can certainly see there being a rising interest in making mitre less dependent on government grants regardless | 14:23 |
| opendevreview | Merged openstack/security-doc master: Updated from openstack-manuals https://review.opendev.org/c/openstack/security-doc/+/947166 | 15:12 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!