Here’s what CVE is, via The Register:
The 25-year-old CVE program plays a huge role in vulnerability management. It is responsible for overseeing the assignment and organizing of unique CVE ID numbers, […] so that when referring to particular flaws and patches, everyone is agreed on exactly what we’re all talking about.
It is used by companies big and small, developers, researchers, the public sector, and more as the primary system for identifying and squashing bugs. When multiple people find the same hole, CVEs are useful for ensuring everyone is working toward that one specific issue.
Bruce Schneier wrote much the same thing:
The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities.
And while MITRE, the nonprofit that runs the thing, is at least partly funded by the federal government, that funding is about $29 million a year, which doesn’t even count as a rounding error compared to the bloated size of the federal budget. And the federal government has a stated interest in vuln research. So only complete fucking idiots would mess with it, right?
The problem was that the federal funding came from CISA, which has gotten a lot of unwelcome attention lately from DOGE, a quasi-agency that claims it’ll cut $1 trillion in federal spending per year and is, apparently, run by complete fucking idiots. So naturally, MITRE’s funding just had to go. Another 34,000-odd cuts that size and they’ll have met their goal!
It would be tempting to believe this move was intended to centralize more power in Musk’s hands by disrupting all non-Musk parts of the government at semi-random – with special attention being paid to the techie parts of government, so fewer people in Washington can call out Musk’s bullshit with authority – except that DOGE has already walked it back, even faster than the reversal of its “oops, we just fired the people who maintain America’s nuclear weapons arsenal” brain fart in February.
I guess that in a quasi-agency full of Silicon Valley types, someone would notice a disruption in vuln research that quickly, but still, this is yet another piece of evidence that DOGE in general doesn’t know what it’s doing.
(Analogy time: imagine that you’re trying to remodel a ship by reducing its weight to save on fuel, only to notice that you’re now knee deep in seawater, so that bulkhead you just cut away was probably part of the outer hull and should be put back where it came from ASAP.)
Schneier’s conclusion:
My guess is that we will somehow figure out how to transition this program to continue without the US government. It’s too important to be at risk.