this post was submitted on 18 Apr 2025
339 points (99.7% liked)

Technology

69109 readers
3710 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
339
CVE fallout: The splintering of the standard vulnerability tracking system has begun (go.theregister.com)
submitted 4 days ago by Tea@programming.dev to c/technology@lemmy.world
24 comments fedilink hide all child comments
top 24 comments
sorted by: hot top controversial new old
[–] Eyekaytee@aussie.zone 105 points 4 days ago (2 children)

everything the US gov helps funds now has a question mark over whether it'll still be here in 4 years...

[–] hddsx@lemmy.ca 49 points 4 days ago (3 children)

Four years? Boy, you are optimistic

[–] Eyekaytee@aussie.zone 40 points 3 days ago (3 children)

tbf to the US they fund an absolute ton of things, eg. I didn't realise they helped fund lets encrypt and now the CVE database either, I assume it'll be a drip feed of things being cancelled slowly over time as they find them all

[–] nyan@lemmy.cafe 8 points 3 days ago (1 children)

What % of its GDP does the Netherlands have to put into international aid to make seventh place?!

[–] JohnEdwa@sopuli.xyz 3 points 2 days ago* (last edited 2 days ago)

7.4 billion, which is around 0.7% of GDP. 0.66% of GNI.

For comparison, the US might win out on pure billions (~65), but compared to the size of the economy, it uses a whopping 0.24% of the GNI on foreign aid, a figure that is almost certainly going to drop in the near future.

[–] mesamunefire@lemmy.world 5 points 3 days ago (1 children)

The US traditionally has funded quite a few "for the good of the world" programs and aid. At least until recently. Thats a good graph.

[–] Almacca@aussie.zone 1 points 2 days ago

The new overloads can't be having with any of that Helping People nonsense. Not for free, anyway.

[–] oktoberpaard@feddit.nl 1 points 2 days ago* (last edited 2 days ago)

It looks like just the UK, France and Germany combined already add up to more aid with a combined GDP that’s much lower than the US. These kinds of graphs give a distorted picture due to the high population and GDP that the US has.

GDP: http://www.wolframalpha.com/input/?i=gdp+of+uk%2C+france%2C+us+and+germany

Population: http://www.wolframalpha.com/input/?i=population+of+uk%2C+france%2C+us+and+germany

[–] Almacca@aussie.zone 1 points 2 days ago

This shit seems to change by the minute.

[–] catloaf@lemm.ee 11 points 3 days ago (1 children)

It won't be here next year, but it won't be here in four years too.

[–] Eyekaytee@aussie.zone 1 points 2 days ago

thank you mitch hedberg :P

[–] w3dd1e@lemm.ee 27 points 3 days ago (1 children)

I’m don’t trust any .gov sites anymore. If I’m researching and I see that it’s a government site, I move on. I can’t trust that info.

The whole thing is scary

[–] IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com 13 points 3 days ago

You can kinda trust them if you use an archived version of it from before.

[–] 0xD@infosec.pub 12 points 2 days ago* (last edited 2 days ago) (2 children)

OMG I've been motherfucking looking for this EUVD for the past weeks and only found references and info pages, but never the actual fucking database!! Finally I know it exists.

Why is it hidden? Why does it have that braindead URL? And why, for the love of god, does it have a separate numbering scheme?!

[–] JohnEdwa@sopuli.xyz 10 points 2 days ago* (last edited 2 days ago)

Why does it have that braindead URL?

euvd.enisa.europa.eu -> European Union Vulnerability Database, run by the European Union Agency for Cybersecurity (from the previous name, European Network and Information Security Agency ENISA), hosted on the official website of the european union, europa.eu.

And why, for the love of god, does it have a separate numbering scheme?!

Because they want the ability to reference other vulnerability sources - like JVN - and not just CVE:

The EUVD service builds upon the CVE system and vulnerabilities in the scope of the CVE numbering service receive a CVE. In addition, the EUVD data aggregates and enriches the vulnerability information and lists an EUVD ID on top of the CVE when new vulnerability entries are created. To allow further cross referencing, the CVE identifier and additional vulnerability identifiers are listed when available. -https://euvd.enisa.europa.eu/faq

And because, you know, standards.

[–] SinningStromgald@lemmy.world 2 points 2 days ago

I can only assume the stories about CVE have pushed it to the top but I just search "European vulnerability database" and first link went to the database.

[–] zero_spelled_with_an_ecks@programming.dev 11 points 3 days ago (1 children)

Could it be a good candidate for federation? There's already a few naming standards that would allow a bit of a common ground. And maybe eliminate a few of the big points of failure.

[–] fmstrat@lemmy.nowsci.com 1 points 22 hours ago

Distributed hosting isn't really a problem here, its distributed funding for the staff.

[–] thann@lemmy.dbzer0.com 1 points 3 days ago (1 children)

Im sure DOGE will replace it with a more efficient way for the government to track all of the bugs its computers might be vulnerable to...

[–] bitjunkie@lemmy.world 3 points 3 days ago

…and then send them directly to Putin's cyberwarfare unit.