Ondřej Surý <[email protected]> wrote: > I am not sure if anyone should support CVE Foundation yet. You don't build > trust just by founding yet-another-foundation and put CVE into the name. Not > to mention that swapping one US organization for a different US organization > might not be a best choice as of now.
That's a good point.
I'd like to see RIPE propose one of the board members for the CVE Foundation.
That doesn't get EC (or NATO) off the hook of doing something non-USSA based.
(EUVD is mentioned in the post)
My understanding is the CVE Foundation ("the board") is still in the
formative stage, and had not yet taken any kind of control over MITRE's work.
> I would recommend cautious approach and perhaps thinking about the way
> forward.
> This blog post resonates with me a lot:
> https://opensourcesecurity.io/2025/04-can-we-trust-cve/
That's an interesting read, and the other article about NVD is good too.
https://anchore.com/blog/national-vulnerability-database-opaque-changes-and-unanswered-questions/
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/ripe-list.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
