Summary: The National Institute of Standards and Technology (NIST) will mark all Common Vulnerabilities and Exposures (CVEs) published before January 1, 2018, as ‘Deferred’ in the National Vulnerability Database (NVD) due to prioritization needs. This indicates that NIST will no longer prioritize updates for these older CVEs, except those listed in CISA’s Known Exploited Vulnerabilities catalog. The shift aims to provide clarity on which CVEs are actively managed as the organization addresses a growing backlog in vulnerability assessment.
Affected: National Institute of Standards and Technology (NIST), National Vulnerability Database (NVD)
Keypoints :
- CVEs published before January 1, 2018, will be marked as ‘Deferred’ in the NVD.
- NIST will no longer prioritize updates for these old CVEs unless included in CISA’s KEV catalog.
- The backlog of CVE entries has prompted NIST to explore new systems and technologies, including AI, for efficient processing.
Source: https://www.securityweek.com/nist-puts-pre-2018-cves-on-back-burner-as-it-works-to-clear-backlog/