NIST Enrichment Reductions Impact CVE Coverage, Accuracy
This article examines the impact of NIST's decision to prioritize enrichment for only a subset of CVEs in the National Vulnerability Database (NVD). While the change helps the agency address a growing backlog by focusing on high-impact vulnerabilities—such as those in CISA's Known Exploited Vulnerabilities (KEV) catalog, federal software, and critical infrastructure—it also leaves many newly disclosed CVEs without NIST-provided CVSS scores, CPE mappings, or additional analysis. Researchers warn that organizations relying heavily on NVD enrichment may face reduced visibility and less accurate vulnerability prioritization, increasing the need for alternative intelligence sources and risk-based vulnerability management practices.
https://www.darkreading.com/vulnerabilities-threats/nist-enrichment-reductions-cve-coverage-accuracy
Comments
Post a Comment