(844) 627-8267
(844) 627-8267

The Fall of the National Vulnerability Database | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

In the realm of cybersecurity, understanding your biggest vulnerabilities is essential. The National Institute of Standards and Technology (NIST) initially established the National Vulnerability Database (NVD) to provide a centralized hub for cybersecurity vulnerability intelligence — but did so under the assumption of rational actors making rational decisions and coming to rational conclusions. 

While it was never meant to be the end-all-be-all solution, the NVD currently is the most widely used software vulnerability database in the world, with many scanners, analysts, and vendors depending on it daily to determine what software has been affected by a vulnerability. Yet, it recently was revealed that NIST has not enriched vulnerabilities listed in the NVD since Feb. 12 — meaning anyone relying on these reports potentially has been at risk for months.

While it seems abrupt on the surface, this disruption is actually a systemic issue that has evolved over time. Since its inception nearly 25 years ago, three key factors have impacted the NVD’s ability to sufficiently classify security concerns that help the industry prioritize vulnerabilities — and what we’re experiencing now is the result. 

Read the Full Article on Dark Reading


Click Here For The Original Source.

National Cyber Security