NIST has announced it will cease updates to CVEs published before January 1, 2018, marking them as deferred in its database. This decision is driven by a significant backlog of CVEs, which exceeded 18,000 due to a surge in new submissions. Despite the deferral, NIST will still accept requests for updates if new information emerges. The organization will prioritize newly identified CVEs that are part of CISA's Known Exploited Vulnerability catalogue. The backlog of submissions is expected to continue growing into 2025.
NIST's decision to stop updating older common vulnerabilities, marked as deferred, reflects a resource prioritization strategy amidst rising vulnerability submissions.
NIST will focus on newly discovered CVEs, especially those in CISA's Known Exploited Vulnerabilities list, while managing a significant backlog.
Collection
[
|
...
]