NVD Program Announcement UPDATED - April, 25th 2024
NIST maintains the National Vulnerability Database (NVD), a repository of
information on software and hardware flaws that can compromise computer security.
This is a key piece of the nation’s cybersecurity infrastructure.
There is a growing backlog of vulnerabilities submitted to the NVD and requiring
analysis. This is based on a variety of factors, including an increase in software
and, therefore, vulnerabilities, as well as a change in interagency support.
Currently, we are prioritizing analysis of the most significant vulnerabilities.
In addition, we are working with our agency partners to bring on more support for
analyzing vulnerabilities and have reassigned additional NIST staff to this task
as well.
We are also looking into longer-term solutions to this challenge, including the
establishment of a consortium of industry, government, and other stakeholder organizations
that can collaborate on research to improve the NVD.
NIST is committed to its continued support and management of the NVD. Currently, we are focused
on our immediate plans to address the CVE backlog, but plan to keep the community posted
on potential plans for the consortium as they develop.
For questions and concerns, you can contact nvd@nist.gov.