All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

NIST's CVE Enrichment Cutbacks Reduce Vulnerability Database Coverage and Accuracy

By

Rob Wright

7d ago· 9 min readenNews

Summary

The National Institute of Standards and Technology (NIST) has significantly reduced the number of CVEs receiving enrichment (additional analysis) in its National Vulnerability Database (NVD) since April 2024, due to a severe backlog. New research reveals this cutback is negatively impacting CVE coverage and accuracy, making it harder for security teams to prioritize vulnerabilities effectively. The move has produced mixed results, with fewer CVEs getting the in-depth analysis needed for proper risk assessment.

Source

bskyNIST's CVE Enrichment Cutbacks Reduce Vulnerability Database Coverage and Accuracydarkreading.com

Key quotes

· 3 pulled
In April, the NIST began dramatically reducing the number of CVEs that received 'enrichment,' or additional analysis, from the agency for its National Vulnerability Database (NVD).
The shift was due to a severe backlog in submitted vulnerabilities, which led the NIST to prioritize flaws that, for example, were under exploitation.
New research reveals some concerning trends that could make it harder for security teams to prioritize vulnerabilities.
Snippet from the RSS feed
NIST scaled back on the number of CVEs it selects for in-depth analysis, but the move has produced mixed results.

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.