May 30, 2024 at 11:16AM
NIST is seeking outside assistance to address a backlog of unprocessed vulnerabilities in the National Vulnerability Database (NVD), with plans to improve processing rates and implement long-term solutions. CISA is collaborating with NIST to address the backlog, and a new project named Vulnrichment aims to enhance CVE records for improved vulnerability management.
From the meeting notes, it’s clear that NIST is taking significant steps to address the backlog of vulnerabilities in the National Vulnerability Database (NVD). NIST has announced that it will be receiving outside help to improve the processing rates and clear the backlog within the next few months.
Additionally, NIST is working with the cybersecurity agency CISA to add unprocessed vulnerabilities to the database and aims to clear the backlog by the end of the fiscal year, which ends on September 30.
It’s also noteworthy that significant efforts are being made to address the increasing volume of vulnerabilities through technology and process updates, with a long-term goal of building a sustainable program to support automation of vulnerability management, security measurement, and compliance.
Furthermore, there are industry initiatives such as Vulnrichment by CISA to enrich CVE records with important information, aiming to improve organizations’ vulnerability management processes.
These actions and initiatives indicate a strong commitment from NIST and its partners to address the backlog and improve the overall effectiveness of the NVD in providing reliable vulnerability information to the cybersecurity community.