"Register readers — especially those tasked with vulnerability management — will recall that the US government's funding for the CVE program was set to expire in April until the US Cybersecurity and Infrastructure Security Agency, aka CISA, swooped in at the 11th hour and renewed the contract with MITRE to operate the initiative."
This is a weird headline, because CISA did in fact end up funding NVD.
I wish people cared less about this particular issue, though, because we'd do fine with a non-government-sponsored CVE.
Yeah, this was going to happen regardless of the US.
> The European Union Agency for Cybersecurity (ENISA) first announced the project in June 2024 under a mandate from the EU's Network and Information Security 2 Directive, and quietly rolled out a limited-access beta version last month during a period of uncertainty surrounding the United States' Common Vulnerabilities and Exposures (CVE) program.
Quite so. I would love to see an open sourced CVE database. It is for the public, it should be by the public.
What do you mean? A government service is a public service, by any conventional use of the term. Public/private is orthogonal to open source.
Community-maintained might be a better phrasing.
There's no particular reason a vulnerability database needs to be government-sponsored, and some compelling reasons why it shouldn't be "owned" by one government or another (one being guaranteed continuity even during seasons of change).
Well it certainly did falter (but not cease) due to incompetent leadership and guidance. We are seeing it throughout the government because the primary goal of this administration is to dismantle so that it can be reformed for their benefit.
It's more of a "break fast and move things" approach.
Nothing broke beyond perception. It’s still operating roughly as before, right?
Yes, but who in industry is going to expect it to be there in the future given what the current administration is doing?
MITRE could just take the existing database and pass a hat around to industry and keep the current program going.
I will defer to your expertise in that regard, but the company I work for definitely wouldn't pony up in that scenario.
They won't need to. Microsoft or Google could fund it with pocket change. Much bigger projects than the NVD are open and funded by industry.
This is from a 2022 EU directive, well before recent US government actions; it's been developed for quite some time.
TFA doesn't hide or sensationalise that, makes the point that it's timely.
The EU Cyber Resilience Act, which is now in effect (but not fully enforced until 2027/2028), has additional details and also includes a reporting requirement (articles 14, 15, and 16).
> and quietly rolled out a limited-access beta version last month during a period of uncertainty surrounding the United States' Common Vulnerabilities and Exposures (CVE) program.
You mean the 24 hour period where people freaked out and assumed things that weren't true? The renewal came down to the wire just like most do during negotiations...MITRE tossed the news out there to stir up concerns but it was all just sensationalized. A "funding lapse" is not the same as "contract not renewed yet"...
"This comes after the Feds decided not to renew their long-standing contract with nonprofit research hub MITRE to operate the CVE database." [1]
Doesn't seem like an untrue assumption. Feds decided not to renew the contract, people got upset, and later the feds decided to renew the contract the night it would expire [1].
This is like saying Y2K is a nothingburger because people updated the code to handle more than 2 digit years. It's because of the people getting upset that triggered a preventative measure preventing the problem. It's just the Superman movie [2], if the kid just listened to Clark Kent then Superman would've never been necessary.
[1]: https://www.theregister.com/2025/04/16/cve_program_funding_s...
[2]: https://youtu.be/-ikd_hRnVR4?t=69
Review Peter Allor's comments...struggles on who pays and who should be the long term controller of this program was what led to the push right up to the last minute. As usual in government if you don't push hard enough nothing will change...and I still see nothing from CISA regarding their views on what happened...all we see is conjecture from MITRE and joy because they got their $$$.
It's sad to see the US being dismantled from within.
I’m very torn. Obviously USAID, NSF and academia in general do valuable things. But when organizations get hijacked and used as a slush fund to fund naked ideological activities and organizations barely related to the original purpose, I’m not surprised when the eventual response is to just hack and slash. I wish it was done more thoughtfully and carefully, but that doesn’t appear to be a choice. Just a choice of funding hostile NGOs and academics who endorse discrimination in education, employment, health care and even law nowadays or the current mess. It all sucks and I don’t have any solutions other than focusing on my career and family.
> But when organizations get hijacked
I haven't seen any reasonable evidence on this. I'm not saying that evidence doesn't exist, it's just everything that I've heard so far has been debunked. The current administration has been shown to lie and exaggerate over and over to justify these actions so I don't know why anyone would assume they're telling the truth about this.
I'm out of the loop, can you give some context as to what you're talking about? What were they funding?
[flagged]
https://en.m.wikipedia.org/wiki/Students_for_Fair_Admissions...
Educational institutions that have been banned from practicing racial discrimination in admissions (such as all public universities in California since the 90's) have insisted on continuing to find other ways to covertly racially discriminate in admissions. It's clear from their actions that racial discrimination in admissions is a fundamental value for these institutions, and they should not receive any taxpayer funding until they stop such disgusting and bigoted behavior.
Stop carrying water for them.
https://www.npr.org/2023/06/30/1185226895/heres-what-happene...
[flagged]
100% agreed. The best part is nobody ever could provide an explanation for when the beast of bureaucracy would stop being fed. It is just a given that it must grow and grow and grow. Whether you voted for it or not. And don't you dare question it because questioning it is Fascism (from people who have never seen the actual results of real Fascism).
The government could be more efficient, but you have to look at the exact choices being made by the current administration. Why are we heavily taxing trade and the flow of ideas? Why are we dismantling our military with 2 major wars going on? Why are we being soft on financial crimes and crypto scams? Why are we accepting personal gifts from nation states? Why are we micromanaging medical care? Why are we removing our "soft power" influence? Why are we spending our money to "crack down" on people with autism? Why are we using the government's money to fund religious indoctrination?
There is always an argument to make the government more efficient, but I don't think this <gestures> is what anyone really has in mind. People want cheaper eggs, the ability to receive medical care, the ability to stabilize their living situation through property ownership, and a stable job. What are we doing about those things? The reality is that the "machine" has always tried to add stability in those areas, and throwing away the machine isn't making things better for anyone. Like, if we made the government so efficient, why am I still paying 40% of my income in taxes?
When we disappear people to El Salvador without trial, that's fascism, my friend.
The thing with Americans is that they've had it so good for so long they don't even know what bad looks like. People who come from oppressive governments and have lived through it actually do. Notice I never mentioned efficiency in my original post, you assumed that's what I meant. I meant the oppressive nature of just the sheer unending growth of the US government and the weight that bears upon its people, its businesses, and most importantly its morale.
I assumed because you didn't say what you meant. Like, what's your proposal?
It's hardly a given. Bureaucracy rarely just forms out of thin air, unless you happen to be the richest man in the world and receive a federal agency to carry out your whims with.
Often it arises from the demands of the public after private interests (many of whom are now excessively capitalized by any definition of that term) have deemed the public need to be inconvenient to their desires to make the maximum possible return on their investments. That, or to prevent tragedies of the commons.
By the way, plenty of people have both had first-hand experience with fascism and call the Trumpist cult by that name. No one's being called a fascist because they want to stabilize the fiscal position of the country's government; they're being called fascist because they say they want that, then hire a guy with no respect for rule of law to do the exact opposite of that.
More of a dismantling-in-place, but still a dismantling.
Where are the arguments for that?
The idea is to greatly reduce the size of the administrative state and take what used to be functions of government and make them either go away entirely or privatize them.
Whether this is a good idea or not is not what I'm getting at, but yeah, it's a major dismantling of institutions that touch the everyday lives of Americans (and the world).
Agreed. This is very clearly laid out in Project 2025, which is guiding this administration's policies.
Currently 42% done
https://www.project2025.observer/
Is it though? pass the popcorn
For most sane people, yes.
If European leaders were quick on their feet and smart, they would be dialing up the "brain-draining" of the US to 11.
What would that look like? I imagine most Europeans don’t want to recreate the United States and its personality in their countries, for example.
And many countries already have relatively easy visa processes for skilled workers, which would be what these scientists, developers, etc are.
Importing a bunch of scientists wouldn't 'recreate the US'. A decent number of the scientists are probably not originally from the US anyway.
It'd involve spending money to sponsor research and clear a path for people to come over. Make it really easy.
The brains are not the problem in this scenario.
Fast-tracked citizenship.
What does citizenship actually buy you?
If you're bringing these US Citizens into your country to get their skills, you want them working in jobs where they'll use their skills; or, you want them creating a startup where they can use those skills.
Requiring a job or getting an approved startup idea are both viable routes in the vast majority of countries in the EU, to my knowledge.
And, if memory serves, most people can get citizenship in those aforementioned countries in 5-6 years if they play correctly; and, many countries allow the US equivalent of a green card in a couple.
It's already pretty easy to move to Europe for knowledge workers.
They kinda did already
https://arstechnica.com/science/2025/05/europe-launches-prog...
Not a massive program, but shows there is intent
"Register readers — especially those tasked with vulnerability management — will recall that the US government's funding for the CVE program was set to expire in April until the US Cybersecurity and Infrastructure Security Agency, aka CISA, swooped in at the 11th hour and renewed the contract with MITRE to operate the initiative."
https://en.wikipedia.org/wiki/Washington_Monument_syndrome