On Wed, 16 Apr 2025, Rolf Reintjes wrote:
any comments on this?:
https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html
Dodged a bullet for now, it seems, but it'll be a long time before USG
sustainance funding for something this obvious can be taken for granted.
At this point might USG funding even be unreliable enough to account for
as a receivable on a balance sheet even in the presence of a signed
contract and for work performed.
For critical infrastructure that requires sustained funding, it seems more
important than ever to move to RAID - a Redundant Array of Independent
Donors - so as to avoid the complete and total cut-off of any one (or a
handful) of financial supporters that could collapse the system. I assume
(hope?) that MITRE is pursuing alternative sources right now; if not,
someone else should be.
Brian
