The US National Institute of Standards and Technology (NIST) has made a significant announcement regarding the management of the world’s most widely used software vulnerability repository, the US National Vulnerability Database (NVD). Since its inception in 2005, NIST has overseen the NVD, but now, the management of certain aspects will transition to an industry consortium. This decision marks a significant shift in the handling of vital cybersecurity resources.
The official announcement came during VulnCon, a cybersecurity conference hosted by the Forum of Incident Response and Security Teams (FIRST), held from March 25 to 27, 2024. Tanya Brewer, the NVD program manager, disclosed the news, addressing the longstanding speculation surrounding the fate of the NVD.
The transition follows a period of uncertainty and concern within the cybersecurity community. In February 2024, NIST halted the enrichment of Common Vulnerabilities and Exposures (CVEs) data on the NVD website, leading to a backlog of unanalyzed vulnerabilities. This development raised alarms among security researchers and industry professionals, as the NVD plays a critical role in identifying and addressing software vulnerabilities.
The implications of the NVD backlog are profound, potentially impacting the security posture of organizations worldwide. Without timely analysis and remediation of vulnerabilities, companies face increased risks of cyberattacks and da
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: