NIST narrows its National Vulnerability Database priorities to CVEs in CISA's known exploited catalog, to deal with a backlog after its 2024 funding lapse
CyberScoop Matt Kapko
Related Coverage
- NIST Updates NVD Operations to Address Record CVE Growth NIST
- CISA Adds One Known Exploited Vulnerability to Catalog CISA
- NIST cuts down CVE analysis amid vulnerability overload CSO · Maria Korolov
- Risky Bulletin: NIST gives up enriching most CVEs Risky Business · Catalin Cimpanu
- NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions The Hacker News
- NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward Help Net Security · Zeljka Zorz
Discussion
- Daniel Karistai (@hackswithcoffee) on x: NIST changing their priority structure for CVE enrichment is going to have some interesting implications for those who rely on the NVD for risk based decision making. https://www.nist.gov/...
- Lindsey O'Donnell Welch (@lindseyod123) on x: Update from NIST on how the NVD will operate, as they grapple with “record CVE growth” https://www.nist.gov/...
- Eric Geller (@ericgeller) on x: Amid an increasing volume of newly reported vulnerabilities, NIST says it will only add detailed info to CVEs in its NVD that meet certain criteria (inclusion in CISA's KEV catalog, use in fed sw, or use in critical sw). It will review requests for others. https://www.nist.gov/..…
- Ryan Naraine (@ryanaraine) on x: It's amusing how AI can do all the most powerful security things except enriching the CVE database. What a shame this announcement is 😢 https://www.nist.gov/...
- Tony Stark (@tonystark) on bluesky: Bad timing with Mythos
- Catalin Cimpanu (@campuscodi.risky.biz) on bluesky: NIST says that besides focusing on enriching only the big bugs, it will also stop providing its own CVSS severity scores for NVD entries, and will now just show the severity score initially assigned by the organization that issued the CVE. — ruh-roh.... some CVSS drama incoming