NIST Commits to Vulnerability Plan, But Researchers’ Concerns Remain

June 4, 2024 at 09:04AM

The US National Institute of Standards and Technology (NIST) is addressing the backlog in processing vulnerability reports. NIST’s plan involves a multipronged approach, working with public and private sectors, and updating technology to handle the increasing number of disclosed vulnerabilities. The backlog has been attributed to a combination of resource reductions and increasing workload. Other efforts, such as CISA Vulnrichment, aim to aid in resolving the issue.

Based on the meeting notes, here are the key takeaways:

1. NIST has faced challenges in processing vulnerability reports, resulting in a backlog of cases that need to be addressed.
2. To address this backlog, NIST has awarded a contract to ramp up its processing rates and partnered with CISA to reduce the backlog by the end of the US government’s fiscal year.
3. NIST is working on updating technology and modifying its process to handle the increasing number of vulnerabilities disclosed annually.
4. The backlog is to be tackled through a multipronged approach involving collaboration with public and private sector participants, with a focus on automation, tooling, participation, and updated standards and data specifications.
5. The cause of the bottleneck was a combination of pressures, including reductions in resources and a steady increase in vulnerabilities.
6. Both NIST and CISA are working on projects and partnerships to address the backlog and improve the processing of vulnerability information.
7. There are discussions about establishing a nonprofit foundation through a public-private partnership to ensure appropriate resourcing for critical programs like the NVD.

These takeaways provide a clear understanding of the challenges faced by NIST and the steps being taken to address the backlog and improve vulnerability processing.
