Federal audit finds NIST mismanaged National Vulnerability Database with poor planning and CISA duplication
By
Greg Otto
1mo ago· 4 min readenNews
Summary
A Department of Commerce inspector general audit found that NIST has mismanaged the National Vulnerability Database (NVD) through poor planning, inefficient operations, and duplication of efforts with CISA. The database, which tracks computer security flaws and provides severity ratings, suffers from a massive backlog and operational failures that impact cybersecurity professionals across government and the private sector.
Source
Key quotes
· 3 pulledA Department of Commerce inspector general report released Thursday found that the National Institute of Standards and Technology has mismanaged a critical cybersecurity vulnerability database through poor planning, inefficient operations, duplicate federal programs, and failure to communicate with users.
The National Vulnerability Database, maintained by NIST since 2005, collects information about computer security flaws and adds details like severity ratings and affected products.
This information helps cybersecurity professionals across government and the private sector decide
A federal audit reveals NIST's National Vulnerability Database is plagued by poor planning, a massive backlog, and costly work duplication with CISA.
You might also wanna read
NIST Announces Policy Change: National Vulnerability Database to Stop Enriching Most CVEs
The US National Institute of Standards and Technology (NIST) has announced a significant policy change for the National Vulnerability Databa

NVD in the AI Era: The Case for Multi-Source Vulnerability Intelligence
Snyk·13d ago

Snyk users don't have to worry about NVD delays
Snyk·2y ago
CISA Warns About Directory Traversal Software Flaws
Packetlabs·1y ago

Audit report finds NDMA underutilised funds
Business Recorder·8h ago
CISA Exposed Its Own Cloud Storage Credentials in Plain Text on Public GitHub Repository
CISA, the U.S. Cybersecurity and Infrastructure Security Agency, left its own cloud storage digital keys (passwords) exposed in plain text o

Comments
Sign in to join the conversation.
No comments yet. Be the first.