Comment on CVE Board members launch the CVE Foundation, a dedicated, non-profit to continue identifying vulnerabilities, after the US ended its contract with Mitre

<- View Parent
ricecake@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago

I think you might be overestimating how complex the system is. This isn’t collaborative, and it’s barely even dynamic. It’s essentially bookkeeping around a list of numbers and a zip file of text documents.

github.com/CVEProject/cvelistV5/…/main.zip

The reporting of the issues is already done by other people, they just rely on a central group to keep the numbers from colliding.

www.cve.org/CVERecord?id=CVE-2025-3576

Not a whole lot there.

Significantly more worrying is the nvd.

nvd.nist.gov/vuln/detail/CVE-2025-31161

There’s additional data attached relating to not just the vulnerability, but exploitation and the system configuration that’s known to be exploitable.

Up until now it was benign, as well as entirely unavoidable, for so much of the infrastructure of the Internet to be closely tied to the US government.

source
Sort:hotnewtop