Edit: See other comments. Some CVE board members have posted this on their social media accounts however there's still nothing on any official CVE channels. It's a little concerning that this was upvoted to the top of the front page before those comments had been posted given that this is a newly registered domain running on Google sites for something that it says has been in the works for a year.

Original comment:

Why is this being upvoted? There's no reference to it on the CVE website and the domain was only registered after the letter leaked despite the website claiming this was in the works for a year.

Additionally the WHOIS claims that the registrant is "CVE Foundation" which can not be found using the IRS search tool for tax-exempt organisations (note that MITRE does show up here): https://apps.irs.gov/app/eos/

Seconding this. A program like CVE still has to be built on (to some extent, and at least in the initial stages) traditional, non-cryptographic trust.

Who runs this thing? Who's funding it? Who's reviewing, testing, and approving the reports? Assigning them IDs?

I'm hoping for the best, and I'm willing to give the benefit of the doubt because of the frankly crap timing around this whole mess, but on its face, in its current state, I wouldn't trust this org at all.

We're all just happy to see it.