My guess is that they’ll be phased out next year. The long-term goal seems to be transitioning the CVE program into something more like an industry-led consortium. (If you did not notice they operate zero budgeting approach: cut everything and if something is very important reverse it. But you cut first and then ask questions.)
It’s worth noting that MITRE is a DoD contractor (with minor contracts from other agencies like this one). Having the CVE program operated by a company funded by the U.S. military raises valid concerns about conflicts of interest—especially in an ecosystem that depends on neutrality and global trust.
MITRE is a Federally Funded Research and Development Center (FFRDC), which is a distinct type of federal contractor with strict conflict of interest regulations. They are owned by the federal government, but operated by contractors and are specifically structured and regulated to minimize conflicts of interest, so are distinct from "private industry" in many regards.
Yes, you are correct, I should have typed "runs". But the point is that MITRE runs the U.S. National Cybersecurity FFRDC that maintains the CVE system, and FFRDCs are deliberately structured to minimize potential conflicts of interest (GP comment) and are definitely distinct from private industry (parent comment).
I am quite hesitant to trust the DOD to keep track of software vulnerabilities.
Some parts are developing and exploiting vulnerabilities.
And given a fresh feed of what people find, and usually a delay from notification until publication, which may sometimes just be a bit longer of a delay, would
allow the DOD to weaponize the vulnerability for their own use as well.
This contract is funded by CISA, which is an agency within the Department of Homeland Security, not DoD. As far as I'm aware, there are no components of DHS with Title 10 or Title 50 authorities to conduct cyber operations, unless you count the Coast Guard but they normally operate under Title 14. So there really should be no conflicts of interest as no one in the DHS is authorized to exploit vulnerabilities as part of cyber operations.
This illustrates a misunderstanding of how CVE functions. It's a repository of data about disclosed vulnerabilities (even if some disclosures are embargoed and not yet published - if anyone but the bughunter and dev team that owns the fix knows about it, it's disclosed :P). The actual vulnerability discovery process is external and done by individual researchers, teams and businesses who report vulnerabilities to the appropriate groups called CVE numbering authorities (CNA) who manage the assignment and publication of CVE data through their scopes. There is not much technical advantage in terms of advance disclosure since the CNA controls what data goes to CVE.
As an example, a CNA like Mozilla, Apple, or Microsoft is unlikely to disclose vulnerability data via CVE until they have remediated the issue or have public guidance, and their embargo processes are likely separate from CVE publication.
I'm the opposite — and I think this might be the "4D chess"† interpretation of this move as well.
In peacetime, I think everyone is generally alright with something centralized like the CVE database.
But in what increasingly seems like the lead-up to wartime... I'm hesitant to trust a CVE database operated or funded unilaterally by a single government — or even multilaterally, if the governments are all ones that all would end up on the same side of a hot war.
(Why? Strategic censorship of reports while the DB's patron takes advantage of the exploit, for one. Such a database becoming a high-priority cyberwar target, for another. Strategic wasting of enemy cybersecurity resources with false announcements, for a third.)
IMHO, the ideal form for the organization managing CVE, is one analogous to IANA and its Regional Internet Registries (RIRs).
IANA slices up the keyspace of IPs to assign to RIRs, and arbitrates disputes — but both at such a high level that their work is effectively in a de-facto state of "done until something comes up". The RIRs do all the actual everyday work.
This means that in a hot war that different RIRs end up on opposing sides of, where at least some of the RIRs can no longer trust the ownership of IANA to act in their best interests, the RIRs can just ignore IANA for a while, and keep on doing their own thing (managing allocations from their previously-agreed parts of the IP keyspace), and everything will still work.
And RIRs that control parts of IP space contended over by opposed states? They can just be split up, under obvious rules (every current allocation goes to the sub-RIR associated with the state that controls the gov/mil/corp/org entity currently holding that allocation.)
That's not the case with the CVE database under its current ownership. There's no established way to namespace it, no obvious way to split it up and keep it all working.
And I think that this problem would be obvious to the DoD. Which is precisely why paying to host a single-source-of-truth CVE database loses its lustre when that same DoD is aware that such a split might soon have to happen.
---
† I dislike the term "4D chess", because it implies one chess master who's really good at predicting non-obvious outcomes — rather than an entire military-industrial-complex acting as "see something, say something" inputs to an intelligence apparatus that does a lot of hard work and simulation analyzing potential outcomes, to produce easily-digested suggestions and action items. There just needs to be one guy in the Pentagon / the military / wherever, who realized this and sent a (classified MILNET) email about it.
> That's not the case with the CVE database under its current ownership. There's no established way to namespace it, no obvious way to split it up and keep it all working.
Work on supply chain security has lead to the introduction of standardized SBOMs, as an artifact required by some large customers to accompany software binaries. It should be possible to associate each software binary CVE with a vendor SBOM and organization country code. Large multinationals might have geo-specific binaries to confirm with regional regulations like the EU CRA.
You aren’t worried about the conflict of interest with a government run system, given the desire of governments to be able to intercept all communication?
I've seen no sign of long-term goals, much less any mechanisms being put in place for follow-through on those goals.
It seems like people keep making the mistake of believing there's a detailed plan, while all evidence tells us there isn't. I guess it's the normal human tendency to see order in the chaos.
Project 2025 lays out a clear vision for the privatization and decentralization of federal functions. It’s not subtle—it explicitly calls for it.
Separate from whether we support this or not:
Trump is doing—or promising to do—exactly what he said he would. We can disagree with the policies, but it’s not accurate to say he or his team are directionless or incompetent. They have a coherent (if controversial) agenda.
So rather than dismissing them as clueless or idiots, it’s more productive to debate this:
- Why is outsourcing CVE program to private consortia a bad idea?
- Could a model exist where a private consortium is supported by federal grants, but maintains accountability and public interest safeguards?
Actually Trump repeatedly said he didn't know about project 2025. He's so scattered in his campaigning that it's possible to pretty much justify any action as "what he said he would do." But saying executing project 2025 is exactly what he SAID he would do defies all reality. It may be what intelligent observers expected him to do but it is not what he said.
Edit: good lord people I’m not defending Trump I’m saying he lies about everything including that he lied and said he wasn’t going to do project 2025. Read the post I’m responding to!
People have got to learn how to read between the lines with Trump and those around him. When the things he says he is going to do and the things he’s actually doing are exactly the things laid out in project 2025, the connection to the project is immediately clear and establishes that he was lying about knowing nothing about it.
> Actually Trump repeatedly said he didn't know about project 2025
* He said he'd end the war in a day.
* He said he had a better health care plan.
* He said he'd drop the price of eggs.
* ...
* He said lots of things that were not true.
> Actually Trump repeatedly said he didn't know about project 2025.
His exact quote is: "I have nothing to do with Project 2025." Meaning sure - he did not write it. I doubt he read it - it is 900+ pages long document :-)
Anyway, he might fooled some people but I doubt - my understanding was that he is going to follow Project 2025. It is good time to rewatch this: https://www.youtube.com/watch?v=gYwqpx6lp_s
I am certain you can find more than one quote of his relating to Project 2025. In any event this also doesn't disagree with what I said more broadly, which is, he was not forthright about his plan to do exactly what Project 2025 said, so you can't say he's doing exactly what he said. But anyone with a hint of insight could understand that was his plan.
I'm responding to someone who said Trump is doing what he SAID he would do, and that is all I intended to correct.
Trump said he was not going to follow the project 2025 plan.
So you're making two immediately contradictory claims that Trump is doing what he said he would, and is following the project 2025 plan. That's not coherent.
You're suggesting a privatization plan exists, and want to debate its merits, but I see no sign such a plan is being adopted. E.g. who is enacting the plan? When is the comment period? Who do we send our feedback to? You may have a plan, but what does that have to do with the people in charge? If it's not their plan it doesn't matter one bit. Despite your assurances, I see no sign they aren't acting without a plan (or, as you put, as clueless idiots).
> Trump said he was not going to follow the project 2025 plan.
He didn’t convincingly reject it, though, and his distancing was only convincing to people who were looking for an excuse to ignore it with the way he pretended not to know the people behind it when 31 of the 38 authors were members of his first administration, his campaign was in close contact throughout, and he certainly didn’t put much effort into rejecting specific policy proposals.
I think this is a case where different audiences got different messages. The hardcore base knew he was lying since it had all of their red meat issues, informed Democrats knew he was lying because actions speak louder than vague denials (e.g. if you don’t agree with someone’s policies, you wouldn’t let them have a role in your campaign and you’d be able to say what you’d do differently), but he gave the media and casual voters just enough to make it harder for Biden/Harris to land attacks which we now know were fully accurate.
In most of the video clips I saw, he was saying "I don't know anything about that", which could be entirely true. Often I see hints that he's attempting to play the Aes Sedai game of "speak no word that is untrue" but he's too dumb to do it well. Anyway, as an extension, both comments can be true, that Trump himself has no plan and is an idiot, but that his administration is enacting Project 2025.
There seems to be a lot of hay being made over whether Trump is
- deliberately following Project 2025 to the letter, or
- completely ignorant of Project 2025 and not doing what it says
...when it seems very likely that the truth is somewhere between.
Trump himself is doing things the way he always does: in a mixture of long-standing bigotry and idiocy, his own whims, and whatever someone said to him 10 minutes ago (or he saw on Fox & Friends, or whatever).
His administration is heavily populated with people who either helped write Project 2025 or are close with those who did.
DOGE is only loosely connected with the latter, and it's DOGE that has been instrumental in wrecking federal agencies—and while that destruction largely aligns with Project 2025's goals, it's not clear to me that they're specifically following its playbook. Rather, I think they're doing things their own way with high-level guidance from the people who care about Project 2025. It's very possible that their goals could end up conflicting, depending on what Musk wants.
Edit to add: It's also true that Trump said he knew nothing about Project 2025. Whether or not this is true, he said it during the campaign, when Project 2025 had just been widely reported on as a negative thing. I don't think we can read much into Trump's campaign statements intended to publicly distance himself from something he sees as unpopular.
MITRE is a non-profit company that operates Federally Funded Research and Development Centers (FFRDCs), which are owned and funded by the federal government and contracted out to companies like MITRE to operate them.
While MITRE does have contracts with DoD (and many other agencies across the federal government as part of the FFRDCs they operate), they are not the same as a stereotypical DoD contractor as their non-profit status motivates them to work in the public interest.
MITRE is not a DoD contractor. They are a not-for-profit institution committed to the public interest that operates six Federally Funded Research and Development Centers.
... and that industry led consortium will have a board all paid princely sums, and an executive leadership team that is conflicted to the hilt and paid kingly sums, and they will charge exorbitant rents in order to keep the lighthouse lit.
There's flaws with every approach, but I much prefer the approach where this sort of thing is treated as a public good, rather than as yet another soon-to-be walled garden.
I keep thinking of that time Wisconsin's state government privatized a bunch of IT stuff in the interest of "government efficiency", and the cost taxpayers paid for those specific functions increased by several hundred percent while quality of service went down.
At that same time, though, I worked for a contractor that I do believe saved states money compared to doing things in-house. The work we did really required specialists. But no one state had enough of the work to keep one busy all year. So sharing a pool of people to do the work among many states meant there was room for both saving the states money and allowing some profit for the company.
The idea that you can just blanket assume that private industry is inherently more efficient than public works really needs to die. There doesn't seem to be any more evidence to support it than there is to support the idea that it's inherently less efficient. Life just isn't that simple. It's all case by case.
For every example of privatization going wrong, there's least one example (if not two) of it going right.
But serious question -- what is the difference these days anyways? Our entire government is effectively privatized anyways from the local level up to the federal. We rely on contractors for almost everything that matters. We just maintain this facade that they are not privatized.
I’ve never seen one that worked long term. The basic premise is “what was done for $X dollars with no profit motive can be done for <$X dollars with profit motive doesn’t hold up - you make something private, it wants to make more profit.
Just for the most ready to hand example for me, PG&E in SF vs public electricity utilities on the peninsula - the privatized electricity costs twice as much per kWh - and of course it does because the PG&E CEO needs to make $17M from somewhere, the share price needs to go up etc. the rich need to skim from the top, that makes the cost higher.
If you have an essential industry the cynical play is to privatize to save cost, then do a bad job and then effectively make your losses public through bail-outs while still making profit.
>The basic premise is “what was done for $X dollars with no profit motive can be done for <$X dollars with profit motive doesn’t hold up - you make something private, it wants to make more profit.
No, the basic premise of privatization is that, assuming the product or service has multiple potential customers, private industry can operate at scale which, alongside competition from other companies, drives down the price and the government can purchase it "off the shelf" at the prevailing commercial rate. Those assumptions don't always hold, utilities being a great example of this, but it's not inherently blind or naive to consider privatizing some components of government function. We don't expect the government to operate its own vehicle assembly lines even if the government needs cars; they just go buy one from Ford or GM.
I'd add that that, for this calculus to work out in a straightforward way, a competitive market is necessary but not sufficient. You also need other factors that help drive economies of scale, such as the thing in question being a manufactured good that can be sold to many people, or the production requiring expensive and specialized equipment that can be used for more than just that one thing.
I'm no expert, but I'd guess that these factors are more likely to line up in manufacturing and construction, or even R&D, than they are for things like maintenance of specialized IT systems or administration of services.
> The basic premise is “what was done for $X dollars with no profit motive can be done for <$X dollars with profit motive" doesn’t hold up - you make something private, it wants to make more profit.
The government often acts like it has infinite money. Sure, they'll make a lot of noise about the national debt, but it's all just about getting votes.
I expect privatization to be a way for a politician to stuff their pockets. They'll either buy their stock before the large government contract is announced, or the corporation will kick some money back in the form of campaign contributions, or find some way to just give cash directly.
Nobody ever gets charged with insider trading because everyone that would be involved in that is in on it as well.
Would love to see a list on both sides. It is easy to win an argument when you get to gesture at evidence without being specific.
For your question, the difference is if a government spend succeeds, it should lead to more things that the people can do. If a private company succeeds, it largely funds just the company.
And, ideally, it should be fine that both the government/nation gets benefits while rewarding successful contractors. Nothing wrong with that.
This is hilariously viewable with Musk. People love to point out how he risked so much on Tesla. Ignoring all of the capital that the government risked in the same venture.
I am not here to argue for a "side", to win an argument, nor provide a thesis defense with citation and references -- this is an answer you can easily get from ChatGPT. There's quite literally hundreds.
To add a wrench to both "sides" some of the most effective have been state/federal-owned /state/federal controlled corporations -- or generally, arrangements where you still maintain capitalistic economic incentives and drivers, but have government oversight and (effective) regulation. I think everyone would that is good, but sometimes it takes different forms.
Then let me restate, this is an area where you can easily wade along with largely inaccurate information quite easily. I also wasn't necessarily trying to bait you to give a list, though it would be interesting to know which ones you have in mind, specifically. Far too many of us don't have any evidence, we have been duped by trusting that others do.
I took your specific claim to be privatization of government functions having many success stories. I'm still curious which ones you have in mind, but would more largely be interested in studies on this. Nothing wrong with knowing the wrenches in there.
Beside that, though, I was trying to engage your question. The difference is if growth is privatized into a few, or if it is more broadly available. With a large agreement from me that a mixture of both -- your wrench, effectively -- is fine. Good even.
Answer for your serious question: hiring contractors isn’t “privatized” - that’s outsourcing. The thing you’re saving on is the ongoing cost of having permanent staff.
The difference is the government and public entities like mayoral offices or parliaments get to decide how the entity (doing the contracting) is run and approve costs, and the entity is under no obligation to return a profit.
Thanks. It's always a puzzle what to do with threads based on articles that have since been superseded by later developments. Do we start a new thread based on a new article? The new article / thread usually fails to do very well, partly because there just was a big discussion, and partly because hearing about something getting fixed is less interesting and exciting than the original stimulus.
I've been playing recently with putting [fixed] at the end of the original title to indicate this sort of state change to the reader. Not sure if that's the best way, nor if the situation has genuinely been fixed or not, but I guess it's better than nothing. Swapping out the article and title would probably be too much of a rug pull on the existing thread.
The contract expired today, but had an option period through March of 2026. DHS just needed to exercise the option.
Edit: Note the contract ended today April 16 - so performance would stop midnight tonight if the option wasn't exercised. Government contracts routinely go down to the wire like this, and often are late getting exercised. Why the uproar over this one? Did CISA signal to MITRE that they weren't going to exercise the option?
> Did CISA signal to MITRE that they weren't going to exercise the option?
An internal letter sent to CVE board members was making the rounds yesterday warning the current contract ("contracting pathway") would expire. The letter was authenticated by Brian Krebs[0]. Once Krebs authenticated the letter, people more or less assumed CISA was pulling funding, at least based on the infosec social media posts I saw.
CISA officials responded to multiple media inquiries (including the OP) with a statement that more directly said the contract would expire:
Although CISA’s contract with the MITRE Corporation will lapse after April 16, we are urgently working to mitigate impact and to maintain CVE services on which global stakeholders rely.[1]
That’s a pretty big leap. Ending a 25-year contract and laying off ~600 employees are two very different scales of impact. While DOGE-related cuts might have influenced some decisions, assuming they directly caused DHS to initially let the CVE contract lapse seems like a stretch. Just because two things happen near each other doesn’t mean one caused the other - this feels more like another chance to take a swing at DOGE, since that’s the bandwagon everyone’s riding right now.
Yes, imagining that the quasi-government organization that is solely tasked with cutting spending might have cut spending at an agency where they are currently cutting spending is a “huge leap.”
What you’re doing is jumping from “DOGE made cuts” to “DOGE killed a 25-year contract” with zero evidence beyond coincidence. That’s not analysis - that’s just reaching. If this were a clean budget cut, the contract wouldn’t have been renewed at the last minute. That kind of flip-flop screams internal disarray or political games, not a calculated DOGE move. You’re not connecting dots, but drawing them in with a crayon and calling it a map.
What I'm doing is drawing a reasonable inference based on the evidence available to me. Specifically:
* The group is question (DOGE) is tasked with cutting spending deemed superfluous or wasteful.
* The group in question is actively cutting spending at the agency in question (CISA)
* The group in question is actively cutting spending with the vendor in question (MITRE)
* The leader of the group in question (Elon Musk) has said, more or less explicitly, that they have a bias more towards cutting spending and less towards getting the spending cuts right. They expect mistakes to be made. (If you want to dispute or nitpick this, I'll link you to the video where he laughs about cutting ebola prevention funding.)
* The boss of the group in question (Trump) really doesn't like CISA. See: the Chris Krebs debacle.
So, that's what I'm doing. What are you doing? It seems to me that you are trying to fit the available facts to your preferred narrative, instead of the other way around. And what does the contract having existed for 25 years have to do with anything? DOGE has admitted to cutting programs that have been funded for far longer. It is completely irrelevant.
What I’m doing is applying basic critical thinking instead of building a conspiracy theory on vibes.
Yes, DOGE is slashing budgets. Yes, CISA and MITRE took hits. That’s all true. And still doesn’t prove DOGE made the call to let the CVE contract lapse and then magically reverse it within hours. If this was a top-down DOGE directive, why the immediate reversal? Did DOGE suddenly change its mind? Or is it more likely that DHS made a blunder, got backlash, and scrambled to fix it? You’re calling your chain of assumptions a "reasonable inference" but here’s what it actually is: guilt by proximity. DOGE cuts here, DOGE cuts there, and now suddenly every erratic government decision is DOGE’s fault? That’s lazy logic.
The fact that the contract lasted 25 years _is_ relevant. It shows that this wasn't some minor side project. CVE is foundational infrastructure. You don’t accidentally let something like that expire unless someone either massively screwed up or there was serious internal confusion.
So no, I’m not ignoring the facts. I’m refusing to pretend correlation equals causation just because it fits the narrative everyone loves right now: "blame DOGE for everything". It’s easy, it’s trendy, and it completely bypasses deeper institutional dynamics.
What am I doing? I’m resisting the urge to jump on that bandwagon. You should try it.
> If this was a top-down DOGE directive, why the immediate reversal? Did DOGE suddenly change its mind?
From the man himself:
“We will make mistakes. We won’t be perfect. But when we make a mistake, we’ll fix it very quickly,” Musk, a Trump-appointed special government employee, said Wednesday in defense of his group’s haphazard cuts while looming over the Cabinet table. “So for example with USAID, one of the things we accidentally canceled—very briefly—was Ebola prevention."[0]
> The fact that the contract lasted 25 years _is_ relevant. It shows that this wasn't some minor side project. CVE is foundational infrastructure. You don’t accidentally let something like that expire unless someone either massively screwed up or there was serious internal confusion.
See previous quote about ebola funding, another long-term government program.
Look, if you want to play this game where because a DOGE spokesperson hasn't directly come out and said "yep, it was us", then I'll point you back to my original post: I said it was reasonable to assume, not that it was proven fact.
But, if you look at the totality of this situation and think 'nope. no way DOGE was involved. This is just people "blaming DOGE for everything"'. Fine. You do you. I don't think there is any point in continuing this conversation.
> Malicious idiots surrounded by sheepish intelligent people.
Prefixing people with "sheepish intelligent" is bound to oversimplify this. Many of the non-DOGE employees who directly see wrongdoing are likely making calculated decisions on what to do. It depends on many factors, including the law and whistleblower protections.
Many of them are responding in various ways that they hope will have an impact. Some resign in protest. Others file lawsuits. Others leak to the press.
Could they do more? Yes. So let's help them.
What can we do? Just to give two relatively middle-of-the-ground recommendations: First, donate to legal-protection funds for whistleblowers. Second, call your representatives and demand reinstatement of the inspectors general.
I don't think that getting rid of most of the people who perform careful cost-benefit analysis and inspect for waste, and switching to a model of just cancelling everything and waiting to see what goes on fire, is "making the country a little better each day".
Actually idiots could still end up make improvements. Won’t stop them from being idiots. But what the commenter is saying is the ones who recklessly cut programs trashing away all the effort that went into the program are idiots. They are trying to make a thriving government have a reputation for failure and unreliability.
Of course! It's easy to forget he was a guard at one of America's most notorious concentration camps, Guantanamo Bay. It's foolish to think of him only as a Fox News personality.
Do you have any evidence for this at all? That they are automatically awarded? We can discuss the low bar that O's seemingly have for earning some awards, but there is no reason to misrepresent the process. And I know at least one person that was awarded a Bronze Star without the V, even thought the award was for a specific valiant action they took, it's tough to say without reading the award or being there.
While anecdotal, every single O3 and higher in my company received one after our OEF rotation, despite spending their entire time on KAF and not at COPs or FOBs.
Here's an excerpt from the Military Times describing changes to awarding criteria:
"The policy changes also seek to tighten the criteria for awarding the Bronze Star specifically, a combat award that can be presented without a “V,” and often was throughout the wars in Afghanistan and Iraq, for “meritorious” performance.
And here's some details about Pete's own awards:
"The first Bronze Star was awarded to Mr. Hegseth for his assignment in Iraq as a rifle platoon leader in Iraq from September 2005 to July 2006. The citation noted his “professionalism and commitment to excellence” while he was with the 101st Airborne Division. He received the second Bronze Star in 2012 after serving as a counterinsurgency instructor in Afghanistan."
I think that's a strawman about my use of the word "automatic"; my point is that it's not indicative of anything special as they were awarded without needing a qualifying event like you'd see with a V device, silver star, LoM, MoH, etc.
Him denigrating fellow soldiers and being grossly unqualified to even communicate properly in his role are also concerns, but somewhat off-topic.
It is not a strawman, you literally said the awards are automatic, which is untrue on it's face. The vast majority of HN users are not veterans, and likely would not know that what you said is untrue.
Typing a comment isn't the same as providing a source; I've provided two that support my claim. You're welcome to try again, but it's too early for bad faith arguments so you won't get any more replies.
You literally misrepresented the truth then provided 2 articles, neither of which backed up you original claim. All because you evidently don't like someone. The only claim I made is that the awards are not automatic, which we both know is true.
Regardless, my source that Bronze Stars are not automatically awarded is AR 600–8–22.
> Prior to 7 January 2016, awards may be made to recognize single acts of merit or meritorious service.
Which corroborates my other claim - including the timing - about the tightening of criteria? Dang. That's wild. Good thing you have a source that you didn't link or apparently read.
What are you talking about? your original statement was that they were awarded automatically, now you are talking about the standards for awarding it, which implies it is not actually automatic. I said In my original response that we could discuss the standards, but your statement that they are automatic for O3-O4 is just plain false. Your sources do nothing to back up your original claim, in fact, they do quite the opposite. No level of snark will make your assertion correct. There is a reason why your original response was flagged, which I had no part in.
My point was that he served in Iraq and has more "real" experience than being a prison guard. This doesn't mean he has enough experience to run the DoD of course, but I wanted to add that because it's misrepresenting a vet who served a deployment.
https://www.forbes.com/sites/kateoflahertyuk/2025/04/16/cve-...
My guess indefinitely.
DOGE might be a bunch of idiots, but in the entire DOD, there are non-idiots.