> However, in an updated statement, the agency revealed it intends to maintain the database in a bid to prevent a lapse in CVE services.
> “The CVE Program is invaluable to the cyber community and a priority of CISA,” a spokesperson said.
> “Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience.”
> "The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience."
> WASHINGTON, April 16 (Reuters) - U.S. officials have said at the last minute that they're extending support for a critical database of cyber weaknesses whose funding was due to run out on Wednesday.
> The planned lapse in payments for the MITRE Corp's Common Vulnerabilities and Exposures database spread alarm across the cybersecurity community. The database, which acts as a kind of catalog for cyber weaknesses, plays a key role in enabling IT administrators to quickly flag and triage the myriad different bugs and hacks discovered daily.
My {conspiracy | belief | suspicion} is that this was something that as part of the DoD they saw "Mitre Corporation" and that organization's relationship with MIT and were pulling funding for anything "elite liberal academia" (even distantly related) combined with the "we're pulling back from anything cybersecurity" ( https://news.ycombinator.com/item?id=43228029 ). (edit) I've run out of invocations of Hanlon's Razor and it needs a long rest before it's recharged. (/edit)
I don't believe it was a mistake - they wanted to pull its funding (and still intend to do so). Note the wording of the statement:
> Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services.
We are now in the option period.
At some point in the future, that option period will expire.
The option is common (the particulars of the award are at https://www.usaspending.gov/award/CONT_AWD_70RCSJ24FR0000019... ). The fact that the option needed to be done rather than DHS continuing to support CVE and related programs is an abandonment of the responsibilities of the organization to try to keep computer systems secure.
A binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems.
Section 3553(b)(2) of title 44, U.S. Code, authorizes the Secretary of the Department of Homeland Security (DHS) to develop and oversee the implementation of binding operational directives.
Federal agencies are required to comply with DHS-developed directives.
...
Remediate each vulnerability according to the timelines set forth in the CISA-managed vulnerability catalog. The catalog will list exploited vulnerabilities that carry significant risk to the federal enterprise with the requirement to remediate within 6 months for vulnerabilities with a Common Vulnerabilities and Exposures (CVE) ID assigned prior to 2021 and within two weeks for all other vulnerabilities. These default timelines may be adjusted in the case of grave risk to the Federal Enterprise.
If there's no catalog that the government is maintaining for "these things need to be fixed to run on federal systems" ... then how do you ensure that the federal computers are secure?
I would feel a lot better about my skills knowing that bigballs also had difficulty figuring out what the correct syntax is for this particular engine's version of \w and how many layers of backslash escapes are needed.
Assuming this is the correct contract, which it appears to be, it had an option period starting today through March of next year. DHS just needed to exercise the option.
Most of these issues will ring true to lots of folk using Iceberg at the moment. But this does not:
> Yet, competing table formats like Delta Lake and Hudi mirror this fragmentation.
[ ... ]
> Just as Spark emerged as the dominant engine in the Hadoop ecosystem, a dominant table format and catalog may appear in the Iceberg era.
I think extremely few people are making bets on any other open source table format now - that consolidation has already happened in 2023-2024 (see e.g. Databricks who have their own competing format leaning heavily into iceberg; or adoption from all of the major data warehouse providers).
Microsoft is right now making a huge bet on Delta by way of their “Microsoft Fabric” initiative (as always with Microsoft: Is it a product? Is it a branding scheme? Yes.)
They seem to be the only vendor crazy enough to try to fast-follow Databricks, who is clearly driving the increasingly elaborate and sophisticated Delta ecosystem (check the GitHub traffic…)
But Microsoft + Databricks is a lot of momentum for Delta.
On the merits of open & simple, I agree, better for everyone if Iceberg wins out—as Iceberg and not as some Frankenstandard mashed together with Delta by the force of 1,000 Databricks engineers.
The only reason Microsoft is using Delta is to emphasize to CTOs and investors that fabric is as good as databricks, even when that is obviously false to anyone who has smelled the evaporative scent of vaporware before.
Very different business, of course, but Databricks v. Fabric reminds me a lot of Slack v. Teams.
Regardless of the relative merits now, I think everyone agrees that a few years ago Slack was clearly superior. Microsoft could have certainly bought Slack instead of pumping probably billions into development, marketing, discounts to destroy them.
I think Microsoft could and would consider buying Databricks—$80–100B is a lot, but not record-shattering.
If I were them, though, I’d spend a few billion competing as an experiment, first.
I agree. If the anti-trust regime had been different Microsoft would have bought Databricks years ago. Satya Nadella has surely been tapping his foot watching their valuation grow and grow.
The Trump folks have given mixed messages on the Biden-era FTC; I'd put the odds that with the right tap dancing (sigh) Microsoft could make a blockbuster like this in the B2B space work.
It’s part of GDPR. I’ve been given training on it at all (3) companies I’ve worked for and training has always included what constitutes a breach and what to do.
I would hope any company would treat it as an incident rather than just a bug where senior enough folks would be involved to know what their responsibilities are.
Or "Curated list of useful resources for Node-RED", as the subtitle is on this page. Even "awesome node-red" doesn't really say anything about the content.
It's a bit like 'Polite Notice' - I'll decide how polite your notice is myself thanks!
Even if one word is desired, wouldn't 'ecosystem' be so much better? (I realise that's a corruption of its meaning, but it's a now widespread meaning anyway.)
Isn’t the point of “polite notice” that it looks very much like “police notice” when glancing quickly? That is certainly how it is abused by horse riders on the road around here.
Oh, maybe. I was thinking of 'please refrain from smoking outside the designated area' and similar, I thought it was a (crap) attempt at making the signage politer and less like an order (which of course it was) - but then I was a young naif when designated indoor smoking areas were allowed anyway!
The Marathon Pluses are quite a bit more durable IME. And my sister and brother in law literally cycled from UK -> Singapore without a single puncture between them.
My mistake, Marathon Plus is what I have (just looked at my bike). My point is that anecdotes don't prove much, except that these tires are not invulnerable.
https://www.forbes.com/sites/kateoflahertyuk/2025/04/16/cve-...