NIST announced on Wednesday that it will be receiving outside help to get the National Vulnerability Database back on track within the next few months.
The organization informed the cybersecurity community in February that it should expect delays in the analysis of Common Vulnerabilities and Exposures identifiers in the NVD, saying that it was working to establish a consortium to improve the program.
While looking for long-term solutions to this problem, the agency has been prioritizing the analysis of the most serious vulnerabilities.
In its latest update, shared on May 29, NIST said it has awarded a contract for additional processing support for the NVD. The name of the company that got the contract has not been disclosed.
Regarding the backlog of unprocessed CVEs, NIST noted that it's also working with the cybersecurity agency CISA to add the unprocessed vulnerabilities to the database.
The organization expects to clear the backlog by the end of the fiscal year.
The government's fiscal year ends on September 30.
SecurityWeek spoke to several experts in April about the issues surrounding the NVD and why it can no longer be considered a single central source of vulnerability truth.
An analysis conducted recently by vulnerability management firm VulnCheck showed that of the 12,720 security flaws added to the NVD since February, 11,885 have not been analyzed or enriched with critical data.
More than half of vulnerabilities known to have been exploited in attacks have yet to be analyzed.
CISA announced recently the launch of a new project named Vulnrichment, which aims to add important information to CVE records in an effort to help organizations improve their vulnerability management processes.
This Cyber News was published on www.securityweek.com. Publication date: Thu, 30 May 2024 15:43:05 +0000