Read more analysis about the NVD vulnerability backlog:
- NIST National Vulnerability Database Disruption Sees CVE Enrichment on Hold
- NIST Unveils New Consortium to Operate National Vulnerability Database
- CISA Launches Vulnrichment Program to Address NVD Challenges
A majority of currently exploited software vulnerabilities are missing from the US National Vulnerability Database (NVD), a new VulnCheck report has found.
In the report published on May 23, the software security provider showed that 30 out of 59 known exploited vulnerabilities (KEVs) registered since February 12 have not yet been analyzed by the NVD team.
In total, 50.8% of KEVs are missing critical metadata.
Software vulnerabilities are added to the KEV list by the US Cybersecurity and Infrastructure Security Agency (CISA) when their analysts have confirmed they were exploited in the wild. CISA prioritizes these vulnerabilities and recommends organizations address them immediately. Inclusion in the KEV list often comes with a deadline for remediation.
VulnCheck KEVs comprise CISA KEVs and the security firm’s own account of exploited vulnerabilities.
No tags.
