Vox_Leone 7 days ago
I think it's time the biggest players in the software industry step up, maybe through a formal consortium. This model would make sense because they benefit the most. Big tech companies rely on CVEs to secure their own products; they have the means. With their massive revenue and dedicated security teams, these companies could easily fund CVE operations. A consortium approach spreads responsibility fairly: shared responsibility, shared benefits. Security is everyone's problem.
jpleger 7 days ago
Hahaha, CVE was created because industry refused to track and report on things in a consistent and transparent manner. When given the option, business will almost always choose the easy path, and things like vulnerability management programs will be set back years if not decades when the external accountability goes away. In general, lawyers and CTOs would probably love to see CVE go away or be taken over by industry. Source: been working in security for 20+ years.
blitzar 6 days ago
> biggest players in the software industry step up

While they are at it, maybe chuck $5 to the dev maintaining the open source package that your trillion dollar corporation relies on, that your 50,000 leetcoders can't figure out how to write or live without.
nonrandomstring 7 days ago
The last people I am ever going to trust about matters of security are US BigTech. Consortium or not. This idea has no legs. We absolutely need an international cyber threat intelligence network, with many checks, balances and oversights. If we're going to ask "who funds it?" then we need to ask "who really benefits from a technology industry?"