Federal audit reveals NIST’s NVD is plagued by poor planning and duplication

A Department of Commerce inspector general report says NIST has mismanaged the National Vulnerability Database through poor planning, inefficient enrichment work, duplicated efforts with CISA, and weak communication with users. The backlog of unprocessed vulnerabilities has grown sharply since the enrichment contract lapsed in February 2024, prompting six recommendations for NIST to improve the NVD.

Key points

  • NIST has failed to properly manage the National Vulnerability Database backlog.
  • The backlog grew from about 13,000 to more than 27,000 unprocessed vulnerabilities.
  • NIST spent most of its effort on severity scores and affected-product identification.
  • CISA’s Vulnrichment program duplicated work done by NIST analysts.
  • The inspector general urged NIST to improve planning, coordination, efficiency, and communication.

Read More: https://cyberscoop.com/nist-nvd-audit-mismanagement-duplication/