September 26, 2024 at 02:37PM The House committee advanced a bill allowing the NIST to formalize reporting of AI security vulnerabilities, facing funding concerns. The bipartisan AI Incident Reporting and Security Enhancement Act, now at full Congress, mandates NIST to incorporate AI systems into NVD. There’s concern over funding and clarifying certain terms in the … Read more
June 4, 2024 at 10:53AM NIST has faced a significant backlog in processing vulnerability reports, with only 26% being processed this year due to increasing workload and resource reductions. The agency has announced a plan to address the issue, including partnering with CISA and implementing process updates to enhance efficiency. Industry professionals express concerns and … Read more
June 4, 2024 at 09:04AM US National Institute of Standards and Technology is addressing the backlog in processing vulnerability reports. NIST’s plan involves a multipronged approach, working with public and private sectors, and updating technology to handle the increasing number of disclosed vulnerabilities. The backlog has been attributed to a combination of resource reductions and … Read more
June 3, 2024 at 05:53PM NIST extended its contract with Analygence to address the growing backlog in its National Vulnerability Database. The backlog has been increasing since February, with 93% of vulnerabilities submitted remaining unanalyzed. NIST aims to clear the backlog and process current vulnerabilities by the end of the fiscal year. The agency is … Read more
May 30, 2024 at 11:16AM NIST is seeking outside assistance to address a backlog of unprocessed vulnerabilities in the National Vulnerability Database (NVD), with plans to improve processing rates and implement long-term solutions. CISA is collaborating with NIST to address the backlog, and a new project named Vulnrichment aims to enhance CVE records for improved … Read more
May 16, 2024 at 10:10AM The National Vulnerability Database (NVD) initially created by NIST to centralize cybersecurity vulnerability intelligence is now struggling due to various factors. Increased accessibility led to a surge in low-quality reports, with inexperienced researchers seeking recognition and monetary incentives. As a result, the NVD has not updated vulnerabilities since February, highlighting … Read more
April 3, 2024 at 10:12AM The Common Vulnerabilities and Exposures (CVE) List managed by MITRE and the National Vulnerability Database (NVD) overseen by NIST are no longer considered a single reliable source of vulnerability information. Challenges include missing vulnerabilities, false positives, and resource limitations. NIST, acknowledging the backlog, is seeking a consortium to improve vulnerability … Read more
March 22, 2024 at 09:53AM The NIST has drastically reduced the analysis of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database, posing challenges for IT security professionals. The organization’s budget cuts and workload are suspected reasons. The cybersecurity community is concerned about the impact, although alternative sources like Open Source Vulnerabilities are available. … Read more