NIST is rethinking its role in analyzing software vulnerabilities
3 months ago
- NIST is reevaluating its role in analyzing software vulnerabilities due to increasing demand and concerns about the National Vulnerability Database (NVD).
- The agency is struggling to keep up with the volume of vulnerabilities, leading to a backlog in the enrichment process.
- NIST plans to prioritize vulnerabilities based on factors like known exploits, federal agency usage, and critical software.
- The agency is reconsidering its role in the vulnerability ecosystem and plans to engage with partners to understand their needs.
- NIST aims to transfer vulnerability enrichment work to CVE Numbering Authorities (CNAs) but needs to provide guidance first.
- The agency views this shift as a return to its core functions of research and standards-setting.
- NIST is coordinating with CISA and with international entities like GCVE to avoid duplication and fragmentation in vulnerability analysis.
- An ongoing audit by the Commerce Department’s inspector general is expected to conclude soon.