Because vulnerability management has nothing to do with national security, right?
Ruzza just creamed their pants
Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program
Submitted 3 weeks ago by Tea@programming.dev to technology@lemmy.world
https://go.theregister.com/feed/www.theregister.com/2025/04/16/homeland_security_funding_for_cve/
Comments
cheese_greater@lemmy.world 3 weeks ago
Zirconium@lemmy.world 3 weeks ago
North Korea too. Big win for them
EarthShipTechIntern@lemm.ee 3 weeks ago
…Continuously! (since Trump got in office)
sp3ctr4l@lemmy.dbzer0.com 3 weeks ago
On the bright side, at least our upcoming American cyberpunk dystopia is now more likely to feature a greater prevelance of lone wolf, broke, two bit hackers as a semi-viable lifestyle/‘career path’…
barsoap@lemm.ee 3 weeks ago
It shouldn’t surpris too much given Mike Pondsmith’s general record of clairvoyance that NetWatch is a European Corp.
And, no, “Vos videmus” totally isn’t a creepy motto. Based out of London, one could almost think that it’s the London CCTV system turned sentient AI.
sp3ctr4l@lemmy.dbzer0.com 3 weeks ago
All that has to happen for a ‘Blackwall’ analagous scenario is enough undersea cables get cut/sabotaged.
Then you’re looking at a much more localized internet, where actually having a reliable or high bandwidth connection to a very far away place requires you to either have an insane jerry rigged solution, or a lot of money to pay for an increasing valuable, still existing intercontinental line.
Of course, we very much could also end up with a more intentionally constructed type of widespread firewalling as well… they already exist.
China’s great firewall, tons of other countries that have internet and/or social media killswitches…
j0ester@lemmy.world 3 weeks ago
You say cyberpunk dystopia… I say 1776.
sp3ctr4l@lemmy.dbzer0.com 3 weeks ago
… As soon as you find documents from the founding fathers addressing best practices and policies regarding cybersecurity, let me know.
sugar_in_your_tea@sh.itjust.works 3 weeks ago
Updated to add at 1700 UTC, April 16
In an 11th-hour reprieve, the US government last night agreed to continue funding the CVE program.
Not sure how much more whiplash I can take…
ameancow@lemmy.world 3 weeks ago
They want us to all tune out. This is all by design so we don’t know what’s real or not anymore, then they can get away with even more and nobody will care.
This is what they’ve been doing for years and years, this is just more of the same.
tehn00bi@lemmy.world 3 weeks ago
I’m not sure about “they” the US government, but it’s absolutely a Russian/ Authoritarian state playbook.
MrScottyTay@sh.itjust.works 3 weeks ago
I think a lot of it is too get and propogate misinformation because some people won’t hear about the 180s and still talk about as if they happened
Stamau123@lemmy.world 3 weeks ago
someone told them what the acronym really meant, musta thought it was an EV credit or something
anomnom@sh.itjust.works 3 weeks ago
It’s not Uncle Sam, or the USA shutting this down. It’s the Republican Administration. They’ve been empowered by the Republican led Congress to shut down anything it doesn’t like, understand, or benefit from.
JigglySackles@lemmy.world 3 weeks ago
REPUBLICANS. Not some nebulous “uncle sam”. Republicans are turning off funding. They deserve 100% of the blame because they are 100% the cause.
SoftestSapphic@lemmy.world 3 weeks ago
Democrats could have blocked this.
This fact is worth aknowledging as we see more and more of these horrible laws pass.
JigglySackles@lemmy.world 3 weeks ago
They certainly are complicit and not putting up nearly enough resistance. Republicans are still the cause, and democrats are refusing to do anything effectual to stop it. I’d love to eject them all, but my point is that this isn’t “uncle sam”, it’s republicans. And it wouldn’t have happened if the Republicans hadn’t started it.
Monstrosity@lemm.ee 3 weeks ago
How could Democrats have blocked this? Art thou speaking out thine ass?
EarthShipTechIntern@lemm.ee 3 weeks ago
Repugnicunts own the white house & house because Democraps in power didn’t do their jobs the last four years. Russian influence in elections? Obvious, yet not abated by NSA. Misinformation by Fox & Facebook, X? Also obvious. Also not abated (let’s go after TikTok!).
Blatant treason? No problem, we’ll let him take presidency after we DON’T CHECK THE VOTING IRREGULARITIES in VOTES COLLECTED BY THE LARGEST CONTRIBUTER TO TRUMP’S CAMPAIGN.
DNC is a shit-heap.
AOC & Sanders are lovely exceptions.
JigglySackles@lemmy.world 3 weeks ago
So far Crockett seems like a good 3rd addition to that list of Ocasio-Cortez and Sanders.
FauxPseudo@lemmy.world 3 weeks ago
This has a CVE score of 10. The next Security Now podcast episode is going to be lit.
oppy1984@lemm.ee 3 weeks ago
I listen to SN while at work. I may take next Tuesday night off and grab a big bag of popcorn.
aramova@infosec.pub 3 weeks ago
Yeah, I wish I could see Steve’s reaction as he learned it
PlantPowerPhysicist@discuss.tchncs.de 3 weeks ago
The EU needs to start planning now (well, really, needed to start planning in 2016) to replace every critical system that relies in any way on the US government.
If you think of money invested vs. return on government programs like this, the benefit is incredible. That it’s being discontinued is obvious proof that the US is run by the agents of its own destruction and cannot be relied upon in any way: not as a supplier of military equipment, or information technology, or economic codependency.
AcidicBasicGlitch@lemm.ee 3 weeks ago
They’re doing so much of this shit quietly, but when you start to put each piece together it should be frightening to anyone that doesn’t believe Russia is our BFF.
In late Feb, just after the whole Zelenskyy White House visit, Hegseth issued an order to Cyber Command to halt all planning against Russia including cybersecurity offensive strategies.
He gave the order to Commander Timothy Haugh, who is also head of the National Security Agency. Haugh told the outgoing director of operations, and cyber command begun putting together an official document of why this is a very bad idea.
I missed this completely until yesterday, but it turns out that Haugh and his NSA deputy were both suddenly ousted from their positions less than 2 weeks ago.
No reason was given they were just told “your services are no longer required.” Apparently Laura Loomer requested Trump have them removed and made some vague accusations against them bc they had been installed under Biden.
I admit I hadn’t heard of CVE program before today. Since we are BFFs now and Russia is “totally not a threat” to the U.S., I guess it’s supposed to be ok because friends share everything. But wouldn’t this also make us incredibly more vulnerable to China and any other country?
samus12345@lemm.ee 3 weeks ago
wouldn’t this also make us incredibly more vulnerable to China and any other country?
Yes, which is why Putin told Trump to do it.
OCATMBBL@lemmy.world 3 weeks ago
We as a society need to start defining our damn acronyms. Stop assuming everyone knows what every acronym is, because they do not.
pupbiru@aussie.zone 3 weeks ago
okay, but pretty much anyone in software knows what CVE means, and anyone outside of software doesn’t need to know what CVE means… it’s almost as common as CPU
musubibreakfast@lemm.ee 3 weeks ago
CPU = Chief Party Unicorn
sugar_in_your_tea@sh.itjust.works 3 weeks ago
Yup. If you touch anything related to security, you know what a CVE is.
LengAwaits@lemmy.world 3 weeks ago
Lucky for you the linked article explains the acronym!
Wait, you’re not one of those people who only reads headlines, are you?
DJDarren@sopuli.xyz 3 weeks ago
Yeah, like several other people on the internet I’m not American, so I have no idea what this is about.
digdilem@lemmy.ml 3 weeks ago
I’m not American, but CVE’s absolutely form the cornerstone of IT security, and are the trusted keystone of industry security globally.
tiddy@sh.itjust.works 3 weeks ago
towelie@lemm.ee 3 weeks ago
ISWYMBIHTD
Barrymore@sh.itjust.works 3 weeks ago
“I see what you man but I have to disagree”?
dan69@lemmy.world 3 weeks ago
Adds cybersecurity to resume** Finally gets hired…
entwine413@lemm.ee 3 weeks ago
Good luck, I’ve been trying for 2 months and I was a senior engineer.
dan69@lemmy.world 3 weeks ago
Sorry to hear that, i wish you positive luck in the near future!
whoisearth@lemmy.ca 3 weeks ago
My sense is orgs are correcting now from the over-hiring they did a few years ago. Our InfoSec department blew up over the last 5 years as did many corporations but the problem is in the boom you had, for lack of a better way to put it, a lot of morons snuck in under the auspices of “I took a course I’m a security engineer!”
Now corporations are moving on to risk mitigation which is a completely different skillset.
TonyTonyChopper@mander.xyz 3 weeks ago
Right before Windows 10 loses security updates too, what a coincidence. Wonder what the Russians are working on…
solarvector@lemmy.dbzer0.com 3 weeks ago
For most people the consequences of this action will be too far away to understand the connection, so it’s a pretty good target for the US Republican party.
sik0fewl@lemmy.ca 3 weeks ago
Can’t wait until I don’t have to upgrade software anymore!
Yoga@lemmy.ca 3 weeks ago
Imagine being one of the tech billionaires who Trump bankrolled and he does this- basically handing out wrenches for people to throw.
Rookeh@startrek.website 3 weeks ago
2017: covfefe 2025: cvefefe
umbraroze@slrpnk.net 3 weeks ago
I was, like, w-what CVE program. I don’t know of any “CVE” programs that could be shut down, so I don’t know what that abbreviation refers to.
Unless…
…oh no. Fuck. The actual CVE program? And they’re just gonna- Shit.
What.
How.
I don’t know how many times I’ve said “America is fucked” when reading the news lately, and I should stop doing that, because that fact has now been so well established that there’s no need to elaborate.
sinceasdf@lemmy.world 3 weeks ago
False alarm
Updated to add at 1700 UTC, April 16 In an 11th-hour reprieve, the US government last night agreed to continue funding the CVE program.
towerful@programming.dev 3 weeks ago
What a stable government
C45513@lemm.ee 3 weeks ago
stable geniuses
dantheclamman@lemmy.world 3 weeks ago
I don’t think it’s a false alarm, in the sense that it is totally reasonable to be alarmed. They are cutting crucial stuff before they know what it is. There are a lot of things being cut where we’re only going to understand the impact years from now.
sinceasdf@lemmy.world 3 weeks ago
Sure, but there’s a limited bandwidth for people’s intake of information. This in particular is no longer a cause for alarm.
Sanctus@lemmy.world 3 weeks ago
The Age of Fire is ending in America. The President is a Hollow working for Darkstalker Kaathe.
fyzzlefry@retrolemmy.com 3 weeks ago
We shouldn’t all have to deal with this alone
themurphy@lemmy.ml 3 weeks ago
Literally the rest of world against these fuckers soon.
you_are_it@lemmy.sdf.org 3 weeks ago
Are you guys free yet?
PunkRockSportsFan@fanaticus.social 3 weeks ago
They do t want national security.
They want to steal your property and destroy the country so they can reform it in their image.
rottingleaf@lemmy.world 3 weeks ago
Rather they want new vulnerabilities to go right to the market and remain unknown for longer, because that makes the surveillance and other criminal activity by the government easier.
Formfiller@lemmy.world 3 weeks ago
It’s because the entire administration is a vulnerability
j0ester@lemmy.world 3 weeks ago
MAGA supporter: yup! Waste and fraud to me.
idiots!
fossilesque@mander.xyz 3 weeks ago
Yes, this will end well. I wonder how the org will evolve from this or will another country pick it up… Will be interesting to see.
fubarx@lemmy.world 3 weeks ago
Be funny if someone started a gofundme.
x00z@lemmy.world 3 weeks ago
Why would anybody donate and put trust into a very important service that’s ran in an unreliable country?
The rest of the world will probably just take over and leave the US in the dark about useful CVEs that could be used in their cyber ops.
nightm4re@feddit.org 3 weeks ago
My European friends here: do whatever you can to make EUVD a viable alternative. It’s a vulnerability database led by the European Union Agency for Cybersecurity enisa. Since their website is relatively new, you can help by providing feedback though this survey. Yes, the CVE funding has been continued for another year. But a sustainable approach to vulnerability management cannot be dependent on a single government-owned / funded entity any longer! I wish the board members all the best in transferring CVE to a new umbrella organization, but now is a great time to also consider global alternatives.
Mwa@lemm.ee 3 weeks ago
We need a alterntive that doesn’t rely on the U.S.A it can be from any country
oppy1984@lemm.ee 3 weeks ago
So either the EU steps up and funds them until the administration tariffs the EU until they stop.
Or we rely on the big tech companies to step up and fund them and risk pissing off the administration.
Honestly the only way I see them coming back is either up root their lives and move to the EU with a funding guarantee, or the EU just sets up their own program.
SplashJackson@lemmy.ca 3 weeks ago
What the fuck is “CVE”? Cumsluts Versus Everyone?
sugar_in_your_tea@sh.itjust.works 3 weeks ago
More-or-less:
Common Vulnerabilities and Exposures
Basically exploit reporting.
SplashJackson@lemmy.ca 3 weeks ago
I like my acronym better… more sugar tonight in my tea!
Kbobabob@lemmy.world 3 weeks ago
Just in case
FlashMobOfOne@lemmy.world 3 weeks ago
Thank you. I’ve never heard this acronym before, myself.
HeyThisIsntTheYMCA@lemmy.world 3 weeks ago
thank you i spaghetti walling and none of my backronyms were fitting
kandoh@reddthat.com 3 weeks ago
Fascinating series of words I’ve never heard before
chaosCruiser@futurology.today 3 weeks ago
Cannelloni-Vermicelli Exploration program? You know, to find out what happens if you mix both on the same plate? Will the Italians assassinate you before you can take the first bite? Will the pasta annihilate as soon as they touch? Will it be delicious? Who knows, and now we will never know.
Arcka@midwest.social 3 weeks ago
Yep, one of those things the IT department takes care of and most other people just need to know to keep their devices updated.