> So in what way does this help the American people?
Shutting down MITRE and the CVE is against American interests, both public and private. That said, you can make an argument, one that revolves around cost (was the CVE DB worth $50M a year, especially given its backlog?). The other part of that argument rests on assuming there will be a private or semi-private replacement for the service, that there may be many of them, and therefore they will improve. One might assert, as libertarians do, that every service that's not a monopoly of force should be private.
These aren't great arguments. $50M does seem like a lot, and maybe it could be reduced. I'd love to see an actual analysis of their operations rather than just ending the program. The second argument is worse. NIST and NOAA are examples of agencies that punch above their weight in terms of cost/benefit (the CFPB as well), and it seems like for-profit NIST and NOAA doesn't make much sense. But yes, it's worth considering the pros and cons of publicly funded service versus the private versions, in general. Even a bad argument is better than no argument, and the current admin does not bother to make one.
You seem to be doing a cost/benefit analysis. The sense we have is that the people doing the dismantling either have not done such an analysis or are at the very least keeping it from the public.
> was the CVE DB worth $50M a year, especially given its backlog?
This is more or less a common rhetorical argument made by Republicans after cutting budgets. The agency (organization, etc) is ineffective now, so we should terminate it, rather than fund it so it may be more effective.
What does it cost to lose the control over it? I'm sure an equivalent database could be maintained in another country for a lot cheaper, like in China or Russia.
$50 is about $7 per American. Could MITRE be more efficient? Yeah maybe. Probably, even. But cutting off funding entirely isn't the way to make it happen. This decision isn't about saving the American taxpayer money, it's about weakening the US, and it serves exactly one person.
It doesn't. It's a side-effect of the populist right's "human capital" problem. Lots of nefarious theories abound about how this will be used to clamp down on our rights, and that may ultimately happen, but that will merely be a reaction to the consequences of their blundering actions. Today, the conventional wisdom among the Trump administration is these cybersecurity programs are a waste of money and that magically the private sector will swoop in and save us.
We're now all going to experience the high cost of low human capital.
Those who cause the crisis will show up soon to sell the solution, in the form of private ventures that make them a lot of money.
This mirrors a lot the physical destruction of other countries only to come back for "reconstruction" which filled some pockets with unimaginable amounts of money.
My guess is that they were overtly trying to show Russia that we aren’t a direct threat to them anymore in the vain attempt to avoid fighting a two front war in the upcoming global war. Unfortunately, Putin is likely going to keep invading up to Germany’s Fulda Gap. If we’re still a part of NATO, we would have no choice but to declare war.
> Unfortunately, Putin is likely going to keep invading up to Germany’s Fulda Gap
Russia can barely handle a stalemate with Ukraine. They have zero chance offensively against Poland and the Baltics, let alone the full blown might of the EU+UK (which also have independent nuclear weapons in France and to an extent the UK). That doesn't mean that a Polish offensive can march into Moscow, but it doesn't have to for Putin to lose power. He's showing his strongman strong army bullshit to be little more than a paper tiger, and at some point even the nihilistic to death Russians will get tired of the meat grinder for literally no reason.
It saves money on the government budget... or so they think. I doubt that there's anything sinister going on. It's just numbers in a government spreadsheet, and the Trump administration sees money going to projects that benefit people outside the US, regardless of their internal value, and just assumes that it's the US money spent on other nations.
They are not smart enough, well informed enough, nor do they particularly care to educate themselves or listen to other smarter people, they just see a number in the budget which they don't understand, so it can go. I suppose the assumption is that if it's truly important enough, someone will turn it into a business.
I guess that after "In god we trust" on the bank notes, it's now "god helps those who help themselves" for the rest.
> The phrase is often mistaken as a scriptural quote, though it is not stated in the Bible. Some Christians consider the expression contrary to the biblical message of God's grace and help for the helpless, and its denunciation of greed and selfishness.
The phrase “he who does not work, does not eat” was never intended by its author to be applied to those who were physically incapable of working. You might say otherwise, but Saint Paul had been a very traditional adherent of the Jewish faith, which had required farmers to leave portions of their harvest for the poor and destitute. The idea that he thought those who were physically incapable of working should not eat is absurd. It is unlikely he had a change of heart on this matter after his conversion to Christianity given that he had viewed Christianity as the continuation of Judaism.
Anyway, I always thought the phrase “God helps those who help themselves” meant you had to do a bare minimum within your capability to take care of yourself if you want help. I think it is a corruption to claim the phrase “God helps those who help themselves” in any way implies that God does not help those who are incapable of helping themselves.
I feel like, despite the apocryphality of it, there’s a theologically-valid interpretation of the quote: namely, the same principle behind putting on your own breath mask first on a plane in an emergency.
The Bible-compatible spin on this might be something like: if you don’t “help yourself” in the absolute strictest sense — feeding yourself, say — but only set out to help others, then you will fail to help others, as your body will fail you before you’ve done a single useful thing. It is not sainthood, not martyrdom, to refuse to do the small work required to accept the “gifts of God” (like a breath mask that keeps you alive long enough to do the work required to save your own children.)
I'm not endorsing it, but it's roughly consistent with Trump's underlying philosophy that the international systems that USG manages are a subsidy from the US taxpayer to the rest of the world, and one which goes unappreciated. Under this premise, the USG would save money at little cost if they were replaced by industry consortiums or other countries' state initiatives. If my extrapolation is correct, even GPS might eventually be in the line of fire.
I need to be clear that I do not endorse this view. The role of the United States in facilitating global cybersecurity, not to mention navigation, trade among much else, almost surely pays dividends far beyond what it costs us. The amount of international goodwill that the United States enjoys is remarkable particularly in light of our various foreign policy "mistakes", and I think we have these systems to thank.
I'd agree with cybersecurity, but maybe not navigation? Even accounting for secondary effects, currently supporting free navigation, especially in the Indian Ocean and Red Sea, mostly benefits other countries, as the US is ~energy independent.
To play devil's advocate here, a thought comes to mind...
Should the US be the one to handle the CVE database globally? The current administration wants to see other parts of the world help carry the load. A little scare could be the push needed to make this either distributed or handled by a coalition. This could be a positive for the US (who doesn't want to be the sole funder) and for those who don't want the US to have sole control.
As with many other cuts and activities by the administration, it’s not that some programs don’t deserve scrutiny, but that the cuts are careless and shortsighted.
Your premise is flawed. Reframe the question like this: Should the US be the sole arbiter of software vulnerabilities? Absolutely not! But that doesn't mean the US should cut off the spigot. Other countries should start their own version of CVE, so they can check each other's work, and disclose vulnerabilities that certain governments may desire to keep secret.
They get to collaborate with the rest of the world on security instead of relying on their government protecting them. This will push companies that are exposed to lawsuits to up their game and re-organize. And given their exposure to lawsuits, I doubt they'll drop the ball. They can't afford to. This is one area where the private sector should not need a lot of help.
I have a European perspective to this. This isn't as bad as it looks. The rest of the world should in any case not rely on the US federal government for their security. So, there was always going to be some duplication of effort needed here. And given the whole tariff situation, there is of course quite a bit of interest in non US based alternatives to your favorite US based trillion $ companies and their services and lots of companies giving the evil eye to any US based service providers. I've been seeing a lot of that lately with our German customers; especially in the public sector.
Short term mildly disruptive for some companies but not something to panic over.
It helps the American people because they will need to rely on foreign countries for their cyber security?
Heck, those nuclear subs and aircraft carriers are only making the American people less likely to collaborate with the rest of the world on security too.
> And given their exposure to lawsuits, I doubt they'll drop the ball. They can't afford to.
Color me skeptical. How many companies have lost sensitive due to extreme carelessness, time and again? The cost of taking security seriously is greater than the cost of settling after the fact.
I feel like even the biggest data breaches result in little more than victims being offered free credit monitoring.
I have conservative family who only read/watch Fox news, OAN and some conservative meme site called twitchy, which is like if Fox news tried to be dumber.
They don't see this. There is no true reporting. My mom didn't know about the breadth of tariffs. She didn't know about the DJT crypto scam. I've explained Signal to her several times (prior to the news, just getting her to use it). She really doesn't understand anything complicated.
She "knows Trump is a jerk" but wants, and I quote, "America for Americans" and for us to put China in its place and to secure the border.
edit: I told my dad "Why do you think America is so powerful and influential? It's because we invest in the world and welcome students into this country. We aren't the center of the world for no reason". He simply replied, "We are the center of the world."
Our country is filled with people like this, incapable of abstract thought and poisoned by lies.
People always like to think their good fortune is because they have some special sauce that others don't have. But they also resent all the obligations that go with it.
Plenty of people in Britain still think the world owes us something, nearly a century after the end of our empire.
Funding is irrelevant and a distraction. Dismantling civil cybersecurity is a way to expose a population to influence and other harms that necessitate more "strong-man" solutions later [0,1]. Only after they've destroyed "cyber defenses" can they claim a crisis and declare "cybersecurity is dead, long live the new cybersecurity".
And you can be damn sure it won't be security for you.
Bit of a sparse article. The near-miss of CVE funding is certainly tragic, but there's no mention of how they siphoned data from the NLRB and locked everyone out of their accounts, and give only a quick mention to cutting federal grants for cybersecurity and CISA's funding. There's a lot more ammo out there to show how incompetent the Trump administration and Musk's DOGE team actually is.
Goes into pretty good detail about DOGE employees going out of their way to obscure their activity on NLRB's Azure account. Surely a plus for transparency in government.
> Within minutes after DOGE accessed the NLRB's systems, someone with an IP address in Russia started trying to log in, according to Berulis' disclosure. The attempts were "near real-time," according to the disclosure. Those attempts were blocked, but they were especially alarming. Whoever was attempting to log in was using one of the newly created DOGE accounts — and the person had the correct username and password, according to Berulis.
They're actually quite competent at their real goal, which is not to make America great, but to blow it to smithereens so various titanically rich people can buy everything up, including the land, at rock bottom prices.
The US government is a pretty good steward of this sorta thing. We're generally reliable, can afford to spend a few pennies securing a lucrative international export, and hold platform-owners responsible even when their executives hide or intentionally obfuscate issues for marketing purposes.
Who else can you seriously suggest, knowing the past 10 years of CVE history? Subcontract it to Cisco or Oracle?
Crazy idea: Decentralize the CVE across many nations so that no single organization has the power to eliminate it.
Even if the US doesn't play ball, it's a public database right? Is there anything stopping the UN, EU, UK, Australia, etc from copying it and establishing their own joint CVE?
"The computer is huge, you know, I told Elon the other day, and by the way I was the first one to say this, the computer is tremendous, tremendously important. Baron, you know, he's so good with the computer, and that's what I said many times, you know, good genes, good genes. A friend of mine, great guy, very smart guy, told me the other day, Donald, the computer, and by the way, this is what most people don't realize in our country, [...]"
It would, by definition as a for-profit entity, cost more and provide less value. That is a guarantee.
$50 seems like nothing for a trillion dollar government budget.
What comparison are you using? What wouldn't be a lot for this service?
It's like a person with muscles witnessing a beating and then when the perpetrator notices, looking away and saying "I didn't see anything!".
https://en.m.wikipedia.org/wiki/God_helps_those_who_help_the...
https://biblehub.com/2_thessalonians/3-10.htm
Bin the entire lot
https://www.newsweek.com/doge-whistleblower-stalked-threaten...
[0] https://cybershow.uk/blog/posts/computer-security-is-a-polit...
[1] https://cybershow.uk/blog/posts/usw/
https://www.thecvefoundation.org/