Every now and then the government decides to fund things. Public schools, roads, police, firemen, GPS, NOAA, cybersecurity, government cheese, etc.

"the government" aka "We the people". It is in all our interest. This is like asking why the government is responsible for roads.

> This is like asking why the government is responsible for roads.

Thought experiment:

If roads were built by private companies, could a Government justify the expense maintaining a database of all the potholes?

Yes, as it would be a public good to everyone to be able to know where the potholes(that aren't profitable to fix for these private companies apparently) are so they can avoid them.

They might take a step back and realize that it would be more cost-effective to just own the roads, in which case your thought experiment ends where we are, because where we are was a place reasoned to(to an extent).

Doesn't the government use those software (private and open source) to handle private information of citizens and other sensitive information? And what about their contractors? That alone justifies maintaining such a database.

Pot holes do not enable fraud, ransom schemes, data breaches, denial of essential services to millions of people, and so on.

National (technological) security?

It's not. The CVE board members include representatives from CrowdStrike, Microsoft, Github Security, LP3, F5, Panasonic, NIST.

Everyone crying about "Oh no! This government institution is going away! Private companies would never do this! They would use it for financial gain!"

Um.... It's already run entirely by private entities via government money. It's the literal definition of a "Public Private Partnership." You know, that way the US government get away with doing a lot of shady stuff via non-government contracts who are totally not state actors /s.