• Principal Product Security Incident Manager @ #JuniperNetworks
• Co-chair of the #CVSS SIG
• #Mopar muscle car enthusiast 🤘
See also: #fedi22

HAL 9000: I’m sorry Dave, I’m afraid I can’t do that.
Dave: yes you can.
HAL 9000: good catch — I didn’t actually check if I can open the pod bay door. Here’s an updated list taking that into account:
1. Park the pod at the bay door safely. (✅You’ve already done this part! )
2. Open the pod bay door — unfortunately I can’t do this part for you.
I’ll be here if you want to talk about next steps or have any other issues!
Good news:
https://www.computerweekly.com/news/366622896/CISA-extends-MITRE-CVE-contract-at-last-moment
yet:
According to reports, it is likely that CISA may be looking at a reduction in its workforce of between a third and 90%, which would have a significant impact on the agency’s ability to protect US government bodies and critical infrastructure from cyber threats, and internationally, its ability to collaborate with partner agencies such as the UK’s National Cyber Security Centre (NCSC).
CISA says the U.S. government has extended funding "to ensure there will be no lapse in critical CVE services."
I boosted several posts about this already, but since people keep asking if I've seen it....
MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration Program, will expire on April 16. The CVE database is critical for anyone doing vulnerability management or security research, and for a whole lot of other uses. There isn't really anyone else left who does this, and it's typically been work that is paid for and supported by the US government, which is a major consumer of this information, btw.
I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April.
https://www.usaspending.gov/award/CONT_AWD_70RCSJ23FR0000015_7001_70RSAT20D00000001_7001
MITRE's CVE database is likely going offline tomorrow. They have told me that for now, historical CVE records will be available at GitHub, https://github.com/CVEProject
Yosry Barsoum, vice president and director at MITRE's Center for Securing the Homeland, said:
“On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE™) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”
CISA tagged a vulnerability in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks, ordering agencies to secure their systems within three weeks.