by simpaticoder 421 days ago
> So in what way does this help the American people?

Shutting down Mitre and the CVE is against American interests, both public and private. That said, you can make an argument, one that revolves around cost (was the CVE DB worth $50M a year, especially given its backlog?). The other part of that argument rests on assuming there will be a private or semi-private replacement for the service, that there may be many of them, and therefore they will improve. One might assert, as libertarians do, that every service that's not the monopoly of force should be private.

These aren't great arguments. $50M does seem like a lot, and maybe it could be reduced. I'd love to see an actual analysis of their operations rather than just ending the program. The second argument is worse. NIST and NOAA are examples of agencies that punch above their weight in terms of cost/benefit (the CFPB as well), and it seems like a for-profit NIST or NOAA doesn't make much sense. But yes, it's worth considering the pros and cons of a publicly funded service versus the private versions, in general. Even a bad argument is better than no argument, and the current admin does not bother to make one.

9 comments

You seem to be doing a cost/benefit analysis. The sense we have is that the people doing the dismantling either have not done such an analysis or are at the very least keeping it from the public.
They have absolutely done a cost/benefit analysis. It works like this: "If it does not benefit me personally, directly and financially, then it costs too much."
In my country such things are discussed in parliament during endless sessions about the yearly budget. They are not decreed by a god emperor at a whim.
I find this hard to believe. Every country has various conditions and scenarios where the leader is granted god-like powers. ex: In Canada Trudeau invoked the Emergencies Act for the first time ever during covid. My understanding is that it was intended for 9/11-type actions, not protesters who should have been arrested weeks earlier. What country are you in?
This is not quite correct. The Emergencies Act was preceded by the War Measures Act which was used during WWI and WWII as well as during the "October Crisis"[1].

But yes, the intent is for events that threaten the nation, not protests.

[1] https://en.wikipedia.org/wiki/October_Crisis

The nature of extraordinary powers' existence is that they will be used. You'd have thought the Roman Rep^H^H^HEmpire would have taught everyone that.

The only defense is to inalienably assign certain rights/protections to individuals. (Which itself creates issues with their abusing them)

This is rhetorical sleight of hand.

There is no physical force in the universe that causes words written on a government letterhead to mean anything. The exact same government that granted you "inalienable rights" will ignore them when it's corrupted.

There is no way to construct a government such that it CANNOT execute a minority if enough people want that to happen.

The only answer, as it has always been, is to ceaselessly, diligently, and without fail, never vote in people like Trump.

Unfortunately, the republican party has spent every single moment since Nixon's resignation ensuring that the party would never let that kind of thing stop them again.

> was the CVE DB worth $50M a year, especially given its backlog?

This is more or less a common rhetorical argument made by republicans after cutting budgets. The agency (organization, etc) is ineffective now, so we should terminate it, rather than fund it so it may be more effective.

It’s a very silly statement as well! Is having a single source of truth and the reference point for every publicly disclosed cybersecurity vulnerability worth $50M/year?

It’s a fucking steal at that price.

It is not even an argument that it is ineffective. A large backlog can mean it is ineffective, or it can mean that there is more work to do than resources allow. There is no way to distinguish these two without further info.
Running the country like vulture private equiteers.
> there will be a private or semi-private replacement for the service

It would, by definition as a for-profit entity, cost more and provide less value. That is a guarantee.

private != for profit.
Maybe we can start a non-profit and everyone contributes to it, perhaps based on income.
> $50M does seem like a lot

$50 seems like nothing for a trillion dollar government budget.

I almost edited my comment to anticipate this comment. It is not large compared to the budget. Nothing is. It's large in absolute terms. $50M is a lot of spend compared to most businesses with a similar scope. The product is a database of information other people report, naively it seems like a lot. It doesn't have any of the complexity of most businesses. This is not to minimize the work of fixing messy input, reproducing and properly cataloging vulnerabilities, etc. That budget is ~250 workers (assuming $100k/year with 100% overhead), ignoring infra. More than anything I'm curious how the money is being spent because without knowing that it's impossible to judge whether it's bloated or not.
> More than anything I'm curious how the money is being spent because without knowing that it's impossible to judge whether it's bloated or not.

Exactly. And it's totally fair for anyone to question the cost. However, the current administration is destroying things with the precision of a Jackson Pollock painting and no such reflection is happening.

Question the cost how? By saying "is this a lot?" and then performing no further investigation to confirm that or make a comparison, basically leaving the question open, which causes random people to assume it's "a lot".
I can say "Gee whiz $335M per F-22 seems a bit much!" without being an expert in jets, military equipment, or going into the details of its production. I know a bit more about software so I can safely say something similar about MITRE. The fact that I don't want to spend my time doing (frankly, rather useless since I'm not a journo or in government or influential at all) investigative journalism into the specifics doesn't invalidate my opinion. Random people will read random things into whatever random content they consume; deep in an HN comment thread this is of little concern.
> I can say "Gee whiz $335M per F-22 seems a bit much!" ... specifics doesn't invalidate my opinion.

You shouldn't and it does invalidate your opinion.

You're an engineer and this is HN so shouldn't making a comparison or judgment be backed up by some factual information?

> The fact that I don't want to spend my time

You don't have to make the comment.

> Random people will read random things into whatever random content they consume...

Don't you feel that a comment akin to "government be spending alot" is almost like spam, considering how often it's mentioned? If you had some information that showed that for what we are talking about, then that would be substantial.

I don't support this decision, but it's not like the $50M here is the keystone for the entire budget. It's actually easier to cut the smaller components and looks like progress when you're not making much movement.
NIST used to punch above its weight; everyone that I know who worked there has left over the last few months.
IIRC, expect (Unix automation tool) was developed at NIST by Don Libes, who also wrote the book about it.

I would call that punching about your own weight, if you consider the use and impact of expect:

https://en.m.wikipedia.org/wiki/Expect

https://core.tcl-lang.org/expect/home

> about

above. danged autocorrect.

damned if you use it, damned if you don't.

Did they leave voluntarily or were they let go?
Not voluntarily.
> $50M does seem like a lot,

What comparison are you using? What wouldn't be a lot for this service?

What does it cost to lose control over it? I'm sure an equivalent database could be maintained in another country for a lot cheaper, like in China or Russia.
$50 is about $7 per American. Could MITRE be more efficient? Yeah, maybe. Probably, even. But cutting off funding entirely isn't the way to make it happen. This decision isn't about saving the American taxpayer money, it's about weakening the US, and it serves exactly one person.
There are 150M taxpayers in the US… so $50M is about 33 cents per American…

Unless you know something I don’t.

$50M divided over ~350M people is around 15 cents per citizen per year. Did you use an odd number of Australian signs in your math?
I honestly am not sure what I did. Definitely missed a few zeroes!
If they write more than two paragraphs for defanging usa == russian.botnik