Tag: NIST

  • NVD Gives Up

    NVD Gives Up

    Since 2024, representatives from NIST’s National Vulnerability Database (NVD) have given a presentation at VulnCon with updates to the program. This has been where news broke about significant changes, admissions, and omissions. The talks, typically 30 minutes, are certainly not enough time to tell us what the industry needs to know and leaves no time…

  • CVE: The Big Vote of No Confidence

    CVE: The Big Vote of No Confidence

    Yesterday, Matt Hartman, CISA Acting Executive Assistant Director for Cybersecurity, issued a statement on the CVE program. Trying to summarize the last several days and what happened is tricky, but you can read my LinkedIn posts as well as countless news articles and folks talking about.  The super tl;dr is that on April 15, a…

  • 2024 NIST / ANALYGENCE FOIA Results

    2024 NIST / ANALYGENCE FOIA Results

    On June 5, 2024, I sent a FOIA request to National Institute of Standards and Technology requesting a copy of the contract between the National Vulnerability Database (NVD) and ANALYGENCE, a contractor that had been retained to help with the NVD backlog. This was one of two trying to determine how much the U.S. Government…