""This change is driven by a surge in CVE submissions, which increased 263% between 2020 and 2025. We don't expect this trend to let up anytime soon.""
""While CVEs that do not meet these criteria may have a significant impact on affected systems, they generally do not present the same level of systemic risk as those in the prioritized categories.""
NIST announced an update to its National Vulnerability Database operations to manage the increasing volume of new CVEs. The update introduces a risk-based model for enriching CVE entries, focusing on those added to CISA's Known Exploited Vulnerabilities catalog and critical software used by federal agencies. The surge in CVE submissions has made it challenging to clear the backlog. New CVEs will be categorized as 'Not Scheduled' for enrichment unless they meet specific criteria, allowing NIST to prioritize critical vulnerabilities effectively.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]