FOR IMMEDIATE RELEASE
April 16, 2025
CVE Foundation Launched to Secure the Future of the CVE Program
[Bremerton, Washington] – The CVE Foundation has been formally established to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a
I think you might be overestimating how complex the system is. This isn’t collaborative, and it’s barely even dynamic. It’s essentially bookkeeping around a list of numbers and a zip file of text documents.
There’s additional data attached relating to not just the vulnerability, but exploitation and the system configuration that’s known to be exploitable.
Up until now it was benign, as well as entirely unavoidable, for so much of the infrastructure of the Internet to be closely tied to the US government.
I think you might be overestimating how complex the system is. This isn’t collaborative, and it’s barely even dynamic. It’s essentially bookkeeping around a list of numbers and a zip file of text documents.
https://github.com/CVEProject/cvelistV5/archive/refs/heads/main.zip
The reporting of the issues is already done by other people, they just rely on a central group to keep the numbers from colliding.
https://www.cve.org/CVERecord?id=CVE-2025-3576
Not a whole lot there.
Significantly more worrying is the nvd.
https://nvd.nist.gov/vuln/detail/CVE-2025-31161
There’s additional data attached relating to not just the vulnerability, but exploitation and the system configuration that’s known to be exploitable.
Up until now it was benign, as well as entirely unavoidable, for so much of the infrastructure of the Internet to be closely tied to the US government.