What an astoundingly stupid idea. I can't think of many programs that deliver more value per dollar for everyone who develops or uses technology than the CVE program. This administration keeps raising the bar for stupidity.
this post was submitted on 16 Apr 2025
286 points (98.3% liked)
Cybersecurity
10007 readers
76 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 2 years ago
MODERATORS
But CVE hurts Trump's people, the scam artists and spammers and of course his buddies in Russia.
Let me guess, DOGE bros didn't know what it was?
DOGE tech bros 100% know what it is. But they're also probably the kind of devs that hate fixing issues surfaced by CVE's in dependencies. Have seen my fair share of these types of 'engineers'. Same kind of folks who see qa and testing as the enemy.
They're script kiddies, they use CVE to figure out which hacking scripts to use to break into servers that haven't been updated in years.
I don't think they're this savvy, this is likely just another one of Putin's orders.
If that were the case, they'd want to keep it going.
I'm honestly not so sure, they are really clueless when it comes to technology.
I was more implying that if this blows up in the their face, the public statement will be it was a mistake, made from ignorance, to evade responsibility. Sorry if that didn't come off clearly. Making sure implication gets across online sucks.
They absolutely know, they want to avoid the accountability of acknowledging and fixing vulnerabilities, which is why they're trying to kill CVE.
All part of the plan to let Russian hackers take whatever they want.
China: Don't mind if I do!
Goddamnit.
Trump was so right - I'm very sick of "winning".
This is an oddly close timing with 4chan getting hacked and leaking a bunch of user and mod accounts with .gov emails in them
This is one of the worst acts of DOGE, fucking assholes.
“Stupid face, you don’t need that nose!” - America
Can the EU 'buy' Mitre and continue the programme in Europe away from Russo-American hands?
The site needs to be scraped asap, and a clone needs to happen asap.
One of the benefits of it being such a widely used system is that we don't need to make a special effort to do so. It's already been aggregated and copied around as part of routine optimization by any number of security conscious engineers who aren't trying to make the world a worse place.
I've personally worked on at least three systems at two employers where making an automated copy of the data regularly was just an early optimization and matter of etiquette.
It's a good opportunity to learn how to do it though! You have or can get all the tools you need on your computer.
No. MITRE is a federally funded research and development center (FFRDC). The only customer it's allowed to have is the US government.
Fair enough. They should scrape all data, and fork a new version then.
This is awful.
What's more free than exposing all your vulnerabilities?
MURICAAAAAA baby
No one has mentioned anything about how CISA -- as gutted as they are -- has stepped up to ensure funding for the next 11 months. CVEs aren't going anywhere.
Oh God no. Not that...