oss-sec mailing list archives
Re: CVE program averts swift end
From: Brian Behlendorf <brian () behlendorf com>
Date: Wed, 16 Apr 2025 12:38:38 -0700 (PDT)
On Wed, 16 Apr 2025, Rolf Reintjes wrote:
any comments on this?: https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html
Dodged a bullet for now, it seems, but it'll be a long time before USG sustainance funding for something this obvious can be taken for granted. At this point might USG funding even be unreliable enough to account for as a receivable on a balance sheet even in the presence of a signed contract and for work performed.
For critical infrastructure that requires sustained funding, it seems more important than ever to move to RAID - a Redundant Array of Independent Donors - so as to avoid the complete and total cut-off of any one (or a handful) of financial supporters that could collapse the system. I assume (hope?) that MITRE is pursuing alternative sources right now; if not, someone else should be.
Brian
Current thread:
- CVE program averts swift end Rolf Reintjes (Apr 16)
- Re: CVE program averts swift end Marco Moock (Apr 16)
- Re: CVE program averts swift end Jan Klopper (Apr 17)
- Re: CVE program averts swift end Brian Behlendorf (Apr 16)
- Re: CVE program averts swift end Alan Coopersmith (Apr 16)
- Re: CVE program averts swift end Olle E. Johansson (Apr 17)
- Re: CVE program averts swift end Alan Coopersmith (Apr 16)
- Re: CVE program averts swift end Marco Moock (Apr 16)