> This sounds like looking for lemonade in a genocide.

It really doesn't. This level of catastrophising has no point. It would be nice if CVE continued to exist, but it wasn't close to perfect, and perhaps it can continue in another form. There's no particular reason the US taxpayer has to sponsor global security threat tracking any more than any other taxpayer or customer.

This is also a myopic argument against funding standards bodies that support the internet.

The point of having a global, shared database is a single, authoritative (more-or-less), semi-vetted repository that can hold vendor accountable externally without digital amnesia or downplaying issues, and global unique identifiers. If that takes an international nonprofit funded by bits of the free world who are okay with investing in commonwealth infrastructure, so be it. Those who don't understand what they're destroying so casually are ignorant, and possibly evil if they do understand.

> This is also a myopic argument against funding standards bodies that support the internet.

No, it's the opposite. Things like this shouldn't be in the hands of a single government. They should be independent and funded by many parties. The part of your message that isn't catastrophisation is agreeing with exactly what I'm saying.