Kevin BeaumontApr 15

Wow. CVE database is in serious trouble, tomorrow.

The cyber industry as a whole is in trouble also really, it’s the elephant in the room - the collapse of the White House’s support for cybersecurity is obvious and pronounced due to widespread cutbacks.

Show threadKevin BeaumontApr 15
Show threadKevin BeaumontApr 15

My take on the CVE contract issue for businesses: don’t overreact, wait and see what impacts are.

The NVD backlog was already pretty crazy.. the US gov has gotta put real funding into this area if it wants to retain control of cyber standards.

Show threadKevin BeaumontApr 15
Just as an update to this - @briankrebs has confirmed with MITRE the letter is real, and as it stands the CVE database is likely to go offline tomorrow.
Show threadgwireApr 15

@GossiTheDog @briankrebs Is it not funded to 2025-04-25?

https://www.usaspending.gov/award/CONT_AWD_70RCSJ24FR0000019_7001_70RSAT20D00000001_7001

USAspending.gov

Show threadBrianKrebs
@gwire @GossiTheDog okay that is very interesting. that exact link loaded something else about 10 minutes ago. Here's the screenshot. See the date changes.
Apr 15 at 9:42pmWeb
Show threadgwireApr 15
@briankrebs @GossiTheDog that screenshot is the 2023/2024 order, not the 2024/2025 one
Show threadgwireApr 15

@briankrebs @GossiTheDog

ah, this is the current one

https://www.usaspending.gov/award/CONT_AWD_70RCSJ24FR0000018_7001_70RSAT20D00000001_7001

USAspending.gov

Show threadDaniel AJ SokolovApr 16
@gwire @briankrebs @GossiTheDog Yes, until a short while ago the old data was provided at that link. The amounts were higher.