Re: Americans: that clueless cretin you elected just killed the CVE program :-(

In article <vtun10$1e6l$1@dont-email.me>, chrisq  <devzero@nospam.com> wrote:

On 4/18/25 18:14, Dan Cross wrote:

In article <vttnam$36p3b$1@dont-email.me>, chrisq  <devzero@nospam.com> wrote:

On 4/16/25 13:17, Simon Clubley wrote:

Read for yourself:
>
https://www.theregister.com/2025/04/16/homeland_security_funding_for_cve/
>
Of course, now that I have called him a clueless cretin in public means
I am now unlikely to be allowed into the US (_if_ I ever wanted to go now).
>
BTW, Mr Orange, on a related subject, you don't build a chip manufacturing
plant within a year or so.

>
Why doesn't industry fund it, and why do so many people think the
taxpayer should fund everything ?.

 
Because it is in the vital interest of national security, for
one.

>
You really think that government oversight over the process of computer
security and bug fixes will improve the outcome ?, I have my doubts.

I did not say that.  What I said is that having a robust means
to record, track and search computer vulnerabilities is in the
vital national interest, so government funding is entirely
appropriate.

It would make sense to have computer security specialists represented
from the security services, but typical government employees do not have
the required knowledgebase, or awareness, to make any difference. If
the governemnt pay for it, they will want to have influence on what
is a technical process, ideally free of politics.
>
Here in the UK, the majority of government employees tend to be from
arts, history, or ppe backgrounds, zero industry or business
experience, risk averse, and change resistant, resulting in little
or nothing getting done for years. They just get in the way.
>
It's an industry problem, let them sort it out, and pay for it.

Bluntly, it's too important to leave --- at least the funding
side --- to the vagueries and often capricious whims of
industry.

        - Dan C.