> was the CVE DB worth $50M a year, especially given its backlog?
This is more or less a common rhetorical argument made by republicans after cutting budgets. The agency (organization, etc) is ineffective now, so we should terminate it, rather than fund it so it may be more effective.
It’s a very silly statement as well! Is having a single source of truth and the reference point for every publicly disclosed cybersecurity vulnerability worth $50M/year?
It is not even argument that it is ineffective. Large backlog can mean it is ineffective or it can mean that there is more work to do then resources allow. There is no way to distinguish these two without further info.
This is more or less a common rhetorical argument made by republicans after cutting budgets. The agency (organization, etc) is ineffective now, so we should terminate it, rather than fund it so it may be more effective.