Mastodawn

We exist! See the press release announcing such: https://www.thecvefoundation.org/

CVE Foundation

FOR IMMEDIATE RELEASE April 16, 2025 CVE Foundation Launched to Secure the Future of the CVE Program [Bremerton, Washington] – The CVE Foundation has been formally established to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a

Show thread

Wary Jerry Apr 18

@thecvefoundation welcome to the fediverse! You’ll probably find that people will badger you until you verify your account (instructions here if you are interested: https://docs.joinmastodon.org/user/profile/#verification)

Setting up your profile - Mastodon documentation

Get started with your new account.

Show thread

The CVE Foundation Apr 18

@jerry Was already doing it. ;-)

Show thread

Wary Jerry Apr 18

@thecvefoundation I always feel bad for suggesting it but I know what’s in store if I don’t.

Show thread

cR0w

Apr 19

@jerry @thecvefoundation I think it's a fair expectation for an account like that given the past week though. I'm surprised I haven't seen any fake ones popping up to add to the chaos.

Show thread

The CVE Foundation Apr 19

@cR0w @jerry It should be done - website is in the profile, link is on the website. Now we wait I suppose.

Show thread

Wary Jerry Apr 19

@thecvefoundation @cR0w it should be close to immediate. It’s a bit finicky on what it expects - I’ll take a look at what’s going on

Show thread

Wary Jerry Apr 19

@thecvefoundation @cR0w that is some wild HTML - I think the issue is that the href is defined inside a div tag instead of a link tag in the header, or an "a" tag in the body. I don't know if the parser will choke on the other ornamentation - hopefully not.

Show thread

Quinn9282 🖥️🌙✌️Apr 19

@jerry @thecvefoundation Yeah, that's not going to work. The Mastodon API isn't going to be able to recognize that jumbled mess of HTML code as anything legible. It only really checks to see if a verification link is there within the HTML file in the proper format it expects, and if it's not, then it assumes there's no link there and the verification process won't work.

Show thread

Quinn9282 🖥️🌙✌️Apr 19

@jerry And if there's no way to edit the HTML directly and/or change how the link is parsed in the HTML code with Google Sites, then @thecvefoundation, you'll have to look into a different website builder/host that let's you work with HTML code directly and displays the final code cleanly in the HTML file without any weird messy parsing processes.

Show thread

The CVE Foundation Apr 19

@Quinn9282 @jerry There was a cut/paste error with the HTML that I caught on a second look and fixed, so the link on the site is working now.

In a browser it shows fine in the source:
<a target="_blank" style="color: inherit; text-decoration: none;" rel="me" href="https://infosec.exchange/@thecvefoundation"><span class="C9DxTc aw5Odc " style="font-size: 10.0pt; text-decoration: underline; vertical-align: baseline;">Mastodon</span></a>

It has styling but it is fundamentally the same link. If it won't verify, such is life.
Much higher priorities than that currently.

The CVE Foundation (@thecvefoundation@infosec.exchange)

6 Posts, 2 Following, 152 Followers · The Official Mastodon/Fediverse account of The CVE Foundation

Infosec Exchange

Show thread

The CVE Foundation

@Quinn9282 @jerry But yeah, looking at the raw data coming in, it looks like user-embedded HTML is delivered as a payload and rendered in-browser, so if Mastodon is looking in the raw payload it isn't going to validate it. Honestly, just getting verification to work isn't enough to look for other hosting solutions, so this account will remain unverified until some future time when the site might move or a new verification system is rolled out.

Shame we can't verify via a DNS TXT record. It was a snap to do that for other accounts. But for now humans can see the site links to this account if they want to check for themselves.

Show thread

Wary Jerry Apr 19

@thecvefoundation @Quinn9282 that will have to do.

The only success anyone I’ve found had with google sites is using this approach: https://pages.pplupo.com/2024-02-09-Mastodon-verification-on-Google-Sites-with-Cloudflare/ but it requires using Cloudflare, so lots of extra overhead

pplupo Pages | Mastodon verification on Google Sites with Cloudflare

How to verify any website you own using Cloudflare

Software Engineering Management Blog

Show thread

Hippo 🍉Apr 19

@thecvefoundation would you consider moving your site if someone volunteered to do the reimplementation? Not immediately but maybe a bit down the line?

This looks like a pretty simple website so far, and even if it were to be customised later, something like #Hugo or another #SSG should do the job (assuming everyone on your end who has to edit the website is comfortable updating it that way)

@Quinn9282 @jerry

Show thread

Quinn9282 🖥️🌙✌️6d ago

@thecvefoundation That's OK, don't worry about the verification for now. I understand that you're just starting out so I won't pester you about that issue. Though if you do decide to remake the site with a different website builder/host in the future, what I said before may be something to consider when choosing a new website builder/host to use.