NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities

NIST shifts National Vulnerability Database to risk-based triage as CVE submissions hit record levels

The U.S. National Institute of Standards and Technology today announced an overhaul of how it processes cybersecurity vulnerabilities in its National Vulnerability Database . NIST is abandoning its longstanding goal of fully analyzing every submitted Common Vulnerability and Exposure in favor of a risk-based triage model that prioritizes the most dangerous flaws. The change, which took effect […] The post NIST shifts National Vulnerability Datab…

NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities

The federal agency tasked with analyzing security vulnerabilities is overwhelmed as it and other authorities struggle to keep pace with a flood of defects that grows every year. The National Institute of Standards and Technology announced Wednesday that it has capitulated to that deluge and narrowed the priorities for its National Vulnerability Database. NIST said it will only prioritize analysis for CVEs that appear in the Cybersecurity and Inf…

NIST to limit work on CVE entries as submissions surge

NIST said it will only add details and information to the records of vulnerabilities that meet a certain threshold — changing a longstanding mission to categorize every CVE, which stands for cybersecurity vulnerabilities and exposures.