Comment on US Government Almost Kills Critical Cybersecurity Database
giacomo@lemm.ee 11 months ago
can they put cve on a blockchain? or some publicly auditable distributed database?
its worrisome that all it takes is a funding cut to shut it down.
Oh yes blockchain the solution to the world’s problem. Provided the world’s problem is that the current solution works too well and we don’t like that.
We need to back this data up but that doesn’t require anything anywhere near as complicated and over-engineered as blockchain, we can just have something as simple as multiple servers.
That works too, but who controls the servers, and how is the authority handled? Backing up the data is one thing, and that can be easily done I believe. But what about for future advisories? They are published via one of the authoritative servers and synced to the other authoritative servers? How is that information verified to ensure bad actors aren’t publishing bullshit information?
I don’t think blockchain is necessarily the answer. The whole thing can just be done with signing keys, yeah?
I know everyone hates on blockchain, but I think its kinda neat and would like to see some cool applications with it one day.
That’s an easy problem to solve you just hash the database. Blockchain is good at solving the problem when you don’t have a reliable Central authority but if you do have a reliable Central authority there’s no point adding blockchain to it.
And we already have the reliable central authority, we have the original database.
Doesn’t block chaining a massive database like this also open the doors for bad actors to insert BS entries to the chain, or making illegitimate copies of the chain and redistributing them as a “genuine” copy? My understanding is that the chain may be genuine but the human readable data attached to it could be falsified, so it may be unique but it would be useless or malicious.
And a blockchain helps to solve which part of the problem? Some were working on mirroring all data to a git repository. In theory, that allows for easy access on all the data, versioning (with commits) and - through forks and merge requests - collaboration and distribution. Also git is a distributed repository that clones the whole history to your local drive.
github.com/…/mitre-cve-database
But with the announcement of the cve foundation, I don’t know whether they will really import all the data in this git repository.
elrecoal19_1@lemmy.world 11 months ago
…and what is gonna keep it up if it goes to the blockchain? Air?
giacomo@lemm.ee 11 months ago
No
elrecoal19_1@lemmy.world 11 months ago
That’s delusional as fuck
giacomo@lemm.ee 11 months ago
what, that I do not think that?
what are you trying to argue?