NIST says NVD will be back on track by September 2024
The National Institute of Standards and Technology (NIST) has awarded a contract to an unnamed company/organization to help it process incoming Common Vulnerabilities and Exposures (CVEs) for inclusion in the National Vulnerability Database (NVD), the agency announced on Wednesday.
They also aim to clear the NVD backlog of unprocessed CVEs by the end of the fiscal year (i.e., September 30).
NVD’s problems became obvious in February
The NVD started slowing down its CVE enrichment efforts earlier this year, and NIST confirmed that it is working on a multi-pronged solution that will include improved tools and methods, as well as establishing a consortium that will help address various challenges.
Tanya Brewer, program manager at the NVD, said in April that the NVD program is considering many changes to improve software identification, automate (some) CVE analysis activities, make NVD data easier to “consume” and customize, develop capabilities to publish additional kinds of data (e.g., EPSS scores), and more.
A few weeks later, the Cybersecurity and Infrastructure Security Agency (CISA) started a CVE “vulnrichment” program, to help bridge the current gap.
NIST hard at work
On May 20, NIST said that the NVD has started ingesting CVE 5.0 and CVE 5.1 records for CVEs on an hourly basis. Ten days later came this latest and welcome promise: the NVD will be completely back on track by the end of September.
More welcome news is that NIST does not plan to hand over NVD’s reins.
“With a 25-year history of providing this database of vulnerabilities to users around the world and given that we do not play an enforcement or oversight role, NIST is uniquely suited to manage the NVD. NIST is fully committed to maintaining and modernizing this important national resource that is vital to building and maintaining trust in information technology and fostering innovation,” the US Department of Commerce agency said.
“NIST is also working on ways to address the increasing volume of vulnerabilities through technology and process updates. Our goal is to build a program that is sustainable for the long term and to support the automation of vulnerability management, security measurement and compliance.”
source: HelpNetSecurity