CNAs [1] are assigned blocks of CVEs and then assign from within that block, but the system only works if there is overall administration of the CVE Program [2].
My concern is that a capture of the administration would become a capture of the entire programme. Looking at the structure, it seems possible that CISA are in a position to prevent any such capture but, given some of the recent positions taken by the US government, we'll need to wait and see how that plays out.
[1] https://www.cve.org/ProgramOrganization/CNAs
[2] https://www.cve.org/ProgramOrganization/Structure