In a last minute change, #CISA extended its contract with #MITRE to run the #CVE Program until March 2026 but there are already multiple efforts to create alternative, international versions of the platform outside of the control of the US government
I see a couple online news sources stating that CISA has extended the funding. They are using statements such as the following:
CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.
They leave out the sourcing on this. Who said it? How was it said? Via direct email requesting a comment? X post? Was it official or OTR? Like, I believe them but please provide SOME form of indication of provenance when claiming statements are made by the US Gov.
208947 author: Ehay2k@mastodon.social
26 Mar 13:23
tags: #cisa #signal #usgovernment
to: https://cyberplace.social/users/GossiTheDog https://infosec.exchange/users/kchr https://infosec.exchange/users/kimzetter
tags: #cisa #signal #usgovernment
to: https://cyberplace.social/users/GossiTheDog https://infosec.exchange/users/kchr https://infosec.exchange/users/kimzetter
@GossiTheDog @kchr @kimzetter
Nope. Show me where #Signal is approved anywhere within the #USGovernment for official non-public communications.
#CISA is recommending best practices in the absence of any official guidelines: "Organizations may already have these best practices in place, such as secure communication platforms and multifactor authentication (MFA) policies."
And you can bet 100% that everybody in the national security apparatus has official policies and apps. Signal isn't one.
112326 author: ceresbzns@infosec.exchange
22 Nov 2024 23:32
tags: #cisa #cybersecurity #infosec #redteam
tags: #cisa #cybersecurity #infosec #redteam
lol
lmao
Sauce: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a
