Some companies are already clueless when it comes to CVE management. Probably won’t see the effects immediately but give it a few more years for new generation of vulns to be created/found and we will be back to early 2000s level security.
Open season on American corporations for domestic and foreign hackers.
If program isn’t brought back then CVE database likely to be fragmented amongst the “private” CVE databases.
Sec Corp A has 700 well documented CVEs but Sec Corp B has 702 CVEs in their database since NIST funding pulled. What do corps do? Maybe some of them with massive budgets setup contracts with both to get “full spectrum coverage”. Maybe other non-technical companies that think of IT as strictly a cost will go with the cheapest or forego it all together.
Who knows maybe we get ~~~free labor~~~ open source community to pick up the slack?
This country with the orange man administration is quickly going to shit. Not in a “I dislike {opposing party} way” either. In a “I dislike authoritarian regimes” way.
Open season on American corporations for domestic and foreign hackers.
If program isn’t brought back then CVE database likely to be fragmented amongst the “private” CVE databases.
Sec Corp A has 700 well documented CVEs but Sec Corp B has 702 CVEs in their database since NIST funding pulled. What do corps do? Maybe some of them with massive budgets setup contracts with both to get “full spectrum coverage”. Maybe other non-technical companies that think of IT as strictly a cost will go with the cheapest or forego it all together.
Who knows maybe we get ~~~free labor~~~ open source community to pick up the slack?
This country with the orange man administration is quickly going to shit. Not in a “I dislike {opposing party} way” either. In a “I dislike authoritarian regimes” way.