The world really needs to work on decoupling their dependency on the US especially for something this vital. This should already have been a UN funded and run program at a minimum.
deleted by creator
It’s the fascists playbook but the fucker can’t read properly.
can they put cve on a blockchain? or some publicly auditable distributed database?
its worrisome that all it takes is a funding cut to shut it down.
Oh yes blockchain the solution to the world’s problem. Provided the world’s problem is that the current solution works too well and we don’t like that.
We need to back this data up but that doesn’t require anything anywhere near as complicated and over-engineered as blockchain, we can just have something as simple as multiple servers.
That works too, but who controls the servers, and how is the authority handled? Backing up the data is one thing, and that can be easily done I believe. But what about for future advisories? They are published via one of the authoritative servers and synced to the other authoritative servers? How is that information verified to ensure bad actors aren’t publishing bullshit information?
I don’t think blockchain is necessarily the answer. The whole thing can just be done with signing keys, yeah?
I know everyone hates on blockchain, but I think its kinda neat and would like to see some cool applications with it one day.
That’s an easy problem to solve you just hash the database. Blockchain is good at solving the problem when you don’t have a reliable central authority but if you do have a reliable central authority there’s no point adding blockchain to it.
And we already have the reliable central authority, we have the original database.
deleted by creator
No
deleted by creator
what, that I do not think that?
what are you trying to argue?
deleted by creator
oh no.
You asked me “Do you think they won’t need funding on the blockchain?” No, I don’t think that.
I do think they need funding.
deleted by creator
And a blockchain helps to solve which part of the problem? Some were working on mirroring all data to a git repository. In theory, that allows for easy access on all the data, versioning (with commits) and - through forks and merge requests - collaboration and distribution. Also git is a distributed repository that clones the whole history to your local drive.
https://github.com/MITRE-Cyber-Security-CVE-Database/mitre-cve-database
But with the announcement of the cve foundation, I don’t know whether they will really import all the data in this git repository.
