Security News > 2024 > April > NVD: NIST is working on longer-term solutions

NVD: NIST is working on longer-term solutions
2024-04-03 10:14

"Currently, we are prioritizing analysis of the most significant vulnerabilities. In addition, we are working with our agency partners to bring on more support for analyzing vulnerabilities and have reassigned additional NIST staff to this task as well."

What is NIST NVD and why it's critical for cybersecurity?

While a lag between a CVE being revealed and being published on the NVD has previously been documented, this latest hiccup is worrying: Since the start of the year, the entries for less than half of the CVEs added to NVD have not been enriched by NVD analysts.

A bevy of cybersecurity professionals signed an open letter to the U.S. Congress and Secretary of Commerce, asking them to "Investigate the ongoing issues with the NVD to ensure NIST is provided with the necessary resources to not only resume normal operations of this critical service but to also improve it further to resolve extant issues that preceded the February 2024 service degradation."

NIST says that they are committed to supporting and managing the NVD, and that they are working on longer-term solutions for current problems, "Including the establishment of a consortium of industry, government, and other stakeholder organizations that can collaborate on research to improve the NVD.".

At the VulnCon conference last week, Tanya Brewer, program manager at the NVD, said that the NVD Consortium should be operational within two weeks.

News URL