Cybersecurity

6991 readers

247 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

US abruptly turns off funding for CVE program (www.theregister.com)

submitted 1 hour ago by [email protected] to c/cybersecurity

6 comments fedilink

cross-posted from: https://lemmy.bestiver.se/post/328810

Comments

The CVE program for tracking security flaws is about to lose federal funding (www.theverge.com)

submitted 7 hours ago* (last edited 7 hours ago) by [email protected] to c/cybersecurity

4 comments fedilink

Funding is about to run out for the Common Vulnerabilities and Exposures (CVE) program – a system used by major companies like Microsoft, Google, Apple, Intel, and AMD to identify and track publicly disclosed cybersecurity vulnerabilities. The program helps engineers identify how bad an exploit is and how to prioritize applying patches or other mitigations.

MITRE, the federally funded organization behind the program, confirmed to The Verge that its contract to “develop, operate, and modernize” CVE will expire on April 16th.

First launched in 1999, the CVE program houses a database where participating organizations can assign IDs to known cybersecurity vulnerabilities. The IDs consist of the letters “CVE” followed by a year and a number, such as CVE-2022-27254, allowing security professionals to monitor details about the vulnerabilities that may impact the devices we use every day and systems that contain information critical to practically everything we do.

Lukasz Olejnik, a security and privacy researcher, said in a post on X that a lack of support for CVE could “cripple” cybersecurity systems around the globe. “The consequence will be a breakdown in coordination between vendors, analysts, and defense systems — no one will be certain they are referring to the same vulnerability,” Olejnik wrote. “Total chaos, and a sudden weakening of cybersecurity across the board.”

“The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource,” Yosry Barsoum, MITRE’s vice president and director at the Center for Securing the Homeland, said in an emailed statement to The Verge. Barsoum also said the change will affect the Common Weakness Enumeration program, which catalogs hardware and software weaknesses.

The news was first spotted in a leaked letter to MITRE board members posted on X and Bluesky. MITRE receives funding from the US Department of Homeland Security (DHS) and the Infrastructure Security Agency (CISA) to “operate and evolve the CVE Program as an independent, objective third party,” according to a video about the program.