tl;dr: cert.org website closed, redirects into CMU's Software Engineering Institute website which has been running it. No press releases about this, so fears and conspiracies abound.
In the article, it says CERT.org costs $1.8B/y. How is that possible? That sounds bogus to me -- the article doesn't link to the full FOIA response, so it's hard to fact-check. The 2008 budget apparently earmarked $242M for CERT <http://www.zdnet.com/article/federal-budget-recommends-us-ce.... Anyone have more links to factcheck this statement?
No, it's more like 150mm per year from the DoD. the 1.8B number makes sense if you are talking about a decade worth of funding. They also get some funding from private industry.
Seems like not many people from the FFRDC community read or post on HN.
CERT is by far the largest 'department' in the SEI. I'm not sure exactly by what margin, but they probably account for over 50% of the SEI.
Also the funding model isn't quite that straightforward. As an FFRDC they receive a certain static amount every year (in the low millions) as some kind of federal grant. Everything else is income from customer work like you'd find at any other contractor. In terms of revenue, most of the big bucks probably come from DoD and not DHS.
In the article, it says CERT.org costs $1.8B/y. How is that possible? That sounds bogus to me -- the article doesn't link to the full FOIA response, so it's hard to fact-check. The 2008 budget apparently earmarked $242M for CERT <http://www.zdnet.com/article/federal-budget-recommends-us-ce.... Anyone have more links to factcheck this statement?