from a private thread:
}The CVE Foundation has been formed to fund the CVE effort, due to
}"longstanding concerns among members of the CVE Board about the
}sustainability and neutrality of a globally relied-upon resource being tied
}to a single government sponsor.":
}
} https://www.thecvefoundation.org/I had previous opioned that it was time for EC/EU (maybe NATO) to take on funding this, and to move/replicate the effort outside of MITRE. That was before I knew of the foundation. I think that MITRE has done the best job possible ... for a beltway entity... but that it hasn't been very helpful. 3h webinar required to learn what a CVE is before you can get allocations. yes, useful to the unwashed C* masses... I'm of the opinion that RIPE can and ought to take on a role here as representatives of the ISP operator community. Both in a leadership role and as a source of funding. The FAQ says to contact [email protected], and this email is BCC'ed to them. (Many open source projects get dozens to hundreds of "potential" CVEs from fuzzers who need a CVE number assigned in order to claim a bounty. There is now a cottage industry of fuzzers. It's a perverse result of the bounty programs... creating a huge amount of work to review potential issues, which often are impossible to actually exploit... and never come with fixes) -- Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/ripe-list.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
