In what appears to be the latest move in this administration’s total incompetence with regards to critical government tech infrastructure, MITRE announced yesterday that funding had run out f…
Oh yes blockchain the solution to the world’s problem. Provided the world’s problem is that the current solution works too well and we don’t like that.
We need to back this data up but that doesn’t require anything anywhere near as complicated and over-engineered as blockchain, we can just have something as simple as multiple servers.
That works too, but who controls the servers, and how is the authority handled? Backing up the data is one thing, and that can be easily done I believe. But what about for future advisories? They are published via one of the authoritative servers and synced to the other authoritative servers? How is that information verified to ensure bad actors aren’t publishing bullshit information?
I don’t think blockchain is necessarily the answer. The whole thing can just be done with signing keys, yeah?
I know everyone hates on blockchain, but I think its kinda neat and would like to see some cool applications with it one day.
That’s an easy problem to solve you just hash the database. Blockchain is good at solving the problem when you don’t have a reliable central authority but if you do have a reliable central authority there’s no point adding blockchain to it.
And we already have the reliable central authority, we have the original database.
I do not think blockchain would solve any funding issues. Its more so about the information and it’s validity in a decentralized network. I realize blockchain is almost exclusively associated with cryptocoins, but it seems like there should be other use cases for the technology. It would be cool to have a centralized ledger of CVEs where the information is agreed upon by partners; be it various vendors, governments, and institutions.
I am definitely not a blockchain expert, or even a novice. I’m probably closer to the people that don’t know how the regular web works. With the rise of de-centralized/federated social media an communications, I’d think people would be interested in a similar framework for something like the CVE database. I’m not say blockchain is the answer for this issue either, it was just an idea. An idea that people are not big fans of apparently, and that’s fine. I think a different commenter mentioned using git, so there’s another idea.
Regardless of the method, I see de-centralization as a benefit and hopefully other do as well.
And a blockchain helps to solve which part of the problem? Some were working on mirroring all data to a git repository. In theory, that allows for easy access on all the data, versioning (with commits) and - through forks and merge requests - collaboration and distribution. Also git is a distributed repository that clones the whole history to your local drive.
can they put cve on a blockchain? or some publicly auditable distributed database?
its worrisome that all it takes is a funding cut to shut it down.
Oh yes blockchain the solution to the world’s problem. Provided the world’s problem is that the current solution works too well and we don’t like that.
We need to back this data up but that doesn’t require anything anywhere near as complicated and over-engineered as blockchain, we can just have something as simple as multiple servers.
That works too, but who controls the servers, and how is the authority handled? Backing up the data is one thing, and that can be easily done I believe. But what about for future advisories? They are published via one of the authoritative servers and synced to the other authoritative servers? How is that information verified to ensure bad actors aren’t publishing bullshit information?
I don’t think blockchain is necessarily the answer. The whole thing can just be done with signing keys, yeah?
I know everyone hates on blockchain, but I think its kinda neat and would like to see some cool applications with it one day.
That’s an easy problem to solve you just hash the database. Blockchain is good at solving the problem when you don’t have a reliable central authority but if you do have a reliable central authority there’s no point adding blockchain to it.
And we already have the reliable central authority, we have the original database.
deleted by creator
No
deleted by creator
what, that I do not think that?
what are you trying to argue?
deleted by creator
oh no.
You asked me “Do you think they won’t need funding on the blockchain?” No, I don’t think that.
I do think they need funding.
deleted by creator
I do not think blockchain would solve any funding issues. Its more so about the information and it’s validity in a decentralized network. I realize blockchain is almost exclusively associated with cryptocoins, but it seems like there should be other use cases for the technology. It would be cool to have a centralized ledger of CVEs where the information is agreed upon by partners; be it various vendors, governments, and institutions.
I am definitely not a blockchain expert, or even a novice. I’m probably closer to the people that don’t know how the regular web works. With the rise of de-centralized/federated social media an communications, I’d think people would be interested in a similar framework for something like the CVE database. I’m not say blockchain is the answer for this issue either, it was just an idea. An idea that people are not big fans of apparently, and that’s fine. I think a different commenter mentioned using git, so there’s another idea.
Regardless of the method, I see de-centralization as a benefit and hopefully other do as well.
And a blockchain helps to solve which part of the problem? Some were working on mirroring all data to a git repository. In theory, that allows for easy access on all the data, versioning (with commits) and - through forks and merge requests - collaboration and distribution. Also git is a distributed repository that clones the whole history to your local drive.
https://github.com/MITRE-Cyber-Security-CVE-Database/mitre-cve-database
But with the announcement of the cve foundation, I don’t know whether they will really import all the data in this git repository.