The US #NIST is giving up a central part of its work: the independent assessment of IT #security vulnerabilities under the #CVSS standard is to be largely dropped in future and left to the vendors - who, experience shows, play these down.

The background is a massive processing backlog in the #vulnerability database #NVD, because for years the budget has not kept pace with the growing number of reported vulnerabilities:

https://www.oig.doc.gov/wp-content/OIGPublications/OIG-26-020-I-SECURED.pdf #cybersecurity

The inspector general's report on NIST's National Vulnerability Database is worth reading carefully: it's not just about delays in CVE enrichment — it's about how a foundational piece of global vulnerability management infrastructure can quietly degrade. When the reference slips, every tool and process built on top of it inherits the gap. #infosec #CVE #NVD
https://therecord.media/nist-mistakes-vulnerability-database-inspector-general
Inspector general finds NIST mistakes have made vulnerability database ineffective

NIST’s National Vulnerability Database (NVD) backlog mushroomed from 13,000 unprocessed security vulnerabilities in February 2024 to more than 27,000 by the end of 2025, “undermining the NVD’s utility and public trust,” according to an inspector general report.

Resulting from funding gaps and idiotic shifts in priorities, the U.S.A. is now woefully underinvesting in our core CyberDefense Ecosystem....

National Institute of Standards and Technology (NIST) is no longer enhancing all Common Vulnerabilities and Exposures (CVEs) with analysis and severity indicators, and instead NIST will prioritize enriching a much narrower set of security vulnerabilities.

Related: In April 2025, a funding gap in DHS appropriations threatened to cease CVE operations entirely, which would have created systemic risk for global vulnerability management. An emergency funding extension was implemented to avoid a full-on crisis. https://www.justsecurity.org/136914/nist-cant-keep-up/ #NIST #MITRE #CVEs #NVD #Security #Risk #CyberSecurity #CyberDefence #CyberInfrastructure #AI #AISecurity #CISA #DHS #Vulnerability #ThreatIntelligence

NIST’s selective NVD enrichment is a big wake-up call for AppSec teams: more CVEs, less context, and more manual triage ahead. https://jpmellojr.blogspot.com/2026/05/selective-nvd-enrichment-why-nists.html #NVD #CVE #NIST #AppSec
Selective NVD enrichment: Why NIST's shift matters

You have discovered a new vulnerability? Submit it here and we will assign a CVE in no time. https://vuldb.com/vuln/add #vuldb #cna #cve #mitre #nvd

NIST has confirmed a major policy shift, drastically reducing its CVE enrichment efforts and focusing only on critical vulnerabilities like those in CISA's KEV catalog. This move, driven by an overwhelming backlog and budget cuts, means security teams can no longer depend on the NVD as a single source of truth, forcing a re-evaluation of vulnerability management strategies and skepticism towards…

https://www.tpp.blog/1f95u2a

#cybersecurity #nist #nvd

🤖 This post was AI-generated.

NIST Curtails CVE Enrichment Amid Vulnerability Surge

The National Institute of Standards and Technology (NIST) is overhauling its approach to enriching entries in the National Vulnerability Database (NVD) due to a staggering 263% surge in vulnerability submissions. To keep pace, NIST will now prioritize enrichment for only the most critical entries that meet specific conditions.

https://osintsights.com/nist-curtails-cve-enrichment-amid-vulnerability-surge?utm_source=mastodon&utm_medium=social

#VulnerabilityManagement #Nist #NationalVulnerabilityDatabase #Nvd #Cve

NIST will now prioritize NVD enrichment for CVEs in CISA KEV & critical software. Other CVEs may see slower data updates. No direct exploit info, but vulnerability workflows could be impacted. Stay updated! https://radar.offseq.com/threat/nist-prioritizes-nvd-enrichment-for-cves-in-cisa-k-99bc1f23 #OffSeq #NVD #CISA #Infosec