I'm wondering, with the US in the state it's in, and the potential death of some (all? any? no one knows) defense contractors. Combined with the current dramas around CVE/CVSS, is now the time to start replacing the CVE system with something else?