NIST Transitions to Risk-Based Model for CVE Enrichment Amid Backlog Crisis
Severity: Low (Score: 24.9)
Sources: Thehackernews, Feeds2.Feedburner
Summary
The National Institute of Standards and Technology (NIST) is reforming its management of the National Vulnerability Database (NVD) due to a staggering 263% increase in CVE submissions from 2020 to 2025. This shift will focus on enriching only the most critical CVEs, as NIST acknowledges it cannot keep up with the volume of submissions. The decision reflects a two-year struggle to manage the growing backlog of vulnerabilities effectively. NIST's new approach aims to prioritize resources on the most impactful vulnerabilities, which may affect organizations relying on timely updates for cybersecurity measures. As the trend of increasing CVE submissions is expected to continue, the implications for cybersecurity practices and vulnerability management are significant. Organizations may need to adapt their strategies to focus on high-risk vulnerabilities as NIST limits its enrichment efforts.

Key Points:
• NIST will now prioritize enrichment of only the most critical CVEs due to a backlog crisis.
• CVE submissions surged by 263% from 2020 to 2025, prompting the need for a new management approach.
• Organizations must adjust their vulnerability management strategies in response to NIST's changes.