惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
T
Threat Research - Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
A
Arctic Wolf
Security Latest
Security Latest
Simon Willison's Weblog
Simon Willison's Weblog
I
Intezer
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Troy Hunt's Blog
Latest news
Latest news
Help Net Security
Help Net Security
S
Security Affairs
Webroot Blog
Webroot Blog
The Hacker News
The Hacker News
AI
AI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Tor Project blog
Forbes - Security
Forbes - Security
Google DeepMind News
Google DeepMind News
AWS News Blog
AWS News Blog
Attack and Defense Labs
Attack and Defense Labs
P
Proofpoint News Feed
www.infosecurity-magazine.com
www.infosecurity-magazine.com
H
Help Net Security
L
Lohrmann on Cybersecurity
S
SegmentFault 最新的问题
Google Online Security Blog
Google Online Security Blog
MongoDB | Blog
MongoDB | Blog
Cyberwarzone
Cyberwarzone
The Last Watchdog
The Last Watchdog
S
Securelist
N
News and Events Feed by Topic
S
Secure Thoughts
F
Fortinet All Blogs
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
量子位
M
MIT News - Artificial intelligence
F
Full Disclosure
T
The Blog of Author Tim Ferriss
T
Tailwind CSS Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Microsoft Security Blog
Microsoft Security Blog
I
InfoQ
P
Privacy International News Feed
L
LangChain Blog
Know Your Adversary
Know Your Adversary
C
CERT Recently Published Vulnerability Notes

News and Events Feed by Topic

Securing AI Data Center: Architecture, Security Posture, and Emerging Standards New NCCoE Project: Asset Management and Visibility for Operational Technology (OT) Environments NIST Guidelines for Secure Remote Access in Water and Wastewater Systems NIST Workshop on Hardware CPE and CVSS Updates NCCoE Two-Pager Now Available: Effective OT Backup Management The Department of Commerce’s CHIPS Program Announces a Letter of Intent with Coherent for up to $50 Million to Expand Indium Phosphide Production Now Available: Practical Guidelines for Preventing and Mitigating Ransomware NIST NCCoE Genomic Data PETs Testbed & Dioptra Webinar NIST Mathematical Proof Supports Transition to a Continuous-Monitor-and-Update Security Model for AI Systems NCCoE Cybersecurity Connections Event: Accelerating the Adoption of Mobile Driver's Licenses NIST Expands AI Consortium’s Scope, Calls for New Members Now Available: NIST SP 1800-41, Responding to and Recovering from a Cyber Attack NCCoE Manufacturing Project Update NIST NCCoE Cyber AI Profile Virtual Working Session Series: Usability of the Profile Draft PNT Profile Updated to Align with NIST CSF 2.0 NIST NCCoE Cyber AI Profile Virtual Working Session Series: Extending the Technical Content CAISI Signs Agreements Regarding Frontier AI National Security Testing With Google DeepMind, Microsoft and xAI NIST NCCoE Cyber AI Profile Virtual Working Session Series: Updates to Profile Elements and Contents NICE Releases NICE Framework Components v2.2.0 Adoption of Mobile Driver’s Licenses for Financial Institutions Webinar New Publication: Automation of the NIST Cryptographic Module Validation Program NIST Workshop on AI Incident Management Cybersecurity for IoT Workshop: Future Directions New Live Guidelines for Secure Software Development, Security, and Operations Practices Workshop on Blockchain and Distributed Ledger Technologies Improving the Nation’s Cybersecurity - an Open Forum NIST Guidelines on Implementing Mobile Driver’s Licenses for Financial Institutions NICE Webinar: Beyond Technical Skills - The Human Element of a Cyber Career Artificial Intelligence (AI) for Manufacturing Workshop Safeguarding Health Information: Building Assurance through HIPAA Security 2026 Workshop on Blockchain and Distributed Ledger Technologies 2026 Time and Frequency Seminar NCCoE Project Portfolio Webinar MLXN: Machine Learning for X-ray and Neutron Scattering Comment Now: Draft Guidelines on Data Classification Practices Technologies and Use Cases for Smart Standards NIST Allocates Over $3 Million to Small Businesses Advancing AI, Biotechnology, Semiconductors, Quantum and More Building the Strategic Supply Chain Network Iris Experts Group Annual Meeting New Concept Paper on Identity and Authority of Software Agents SUSHI@NIST: Rolling Next-Generation Secure Hardware into Standards Now Available! Transit Cybersecurity Framework Community Profile Now Available: NIST NCCoE Project Portfolio Cyber AI Workshop #2 NIST Launches Centers for AI in Manufacturing and Critical Infrastructure Apply on USAJobs: Open CAISI Position for an AI Research Scientist Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines Secure Software Development Framework (SSDF) Version 1.2 is Available for Public Comment Just Published! Final NIST Telehealth Smart Home Integration Cybersecurity White Paper Draft NIST Guidelines Rethink Cybersecurity for the AI Era Comment & Save the Date Now! NIST Cyber AI Profile Preliminary Draft & Workshop Final NCCoE IoT Secure Onboarding Publications Now Available! Mobile Driver’s License Project Update Webinar NCCoE Cybersecurity Connections – Strengthening the Cybersecurity Workforce New Draft White Paper | PQC Migration: Mappings to Risk Framework Docs Now Available: NIST Final SP 1800-37, Addressing Visibility Challenges with TLS 1.3 NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States Feedback Requested: NIST Cryptographic Module Validation Program White Paper New NIST NCCoE Mobile Drivers Licenses Project Resources Now Available! CSF 2.0 Webinar Series: Deep-Dive into the CSF 2.0 Govern Function to Improve Cybersecurity Final Publication Available: NIST IR 8523, Multi-Factor Authentication for Criminal Justice Information Systems Federal Investments in IoT Infrastructure Offer 10-20x Return, NIST Study Finds Final NIST IR 8349 Released: Characterize & Secure Your IoT Devices NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases We Want Your Feedback! Developing a Transit Cybersecurity Framework Community Profile Advances in Automation of Quantum Dot Devices Control Empowering Future Innovators: NIST CTL Connects Cybersecurity Students with Real-World Research NIST Awards Over $1.8 Million to Small Businesses Advancing AI, Semiconductors, Additive Manufacturing and More NIST Researchers Demonstrate that Superconducting Neural Networks Can Learn on Their Own STPPA8: Special Topics on Privacy and Public Auditability — Event 8: Experimenting with Privacy-Enhancing Cryptography (PEC) Implementations NIST Finalizes ‘Lightweight Cryptography’ Standard to Protect Small Devices NIST Releases Test Tools to Accelerate Adoption of Emerging Route Leak Mitigation Standards Second Seminar on Building an In-Space Circular Economy Lessons Learned from the Consortium: Tool Use in Agent Systems
NIST Updates NVD Operations to Address Record CVE Growth
2026-04-15 · via News and Events Feed by Topic

NIST is changing the way it handles cybersecurity vulnerabilities and exposures, or CVEs, listed in its National Vulnerability Database (NVD). In the past, NIST’s NVD program aimed to analyze all CVEs to add details — such as severity scores and product lists — that help cybersecurity professionals prioritize and mitigate vulnerabilities. Going forward, NIST will add details, or “enrich,” those CVEs that meet certain criteria, which are explained below. CVEs that do not meet those criteria will still be listed in the NVD but deemed as "lowest priority" and will not be immediately enriched by NIST.

This change is driven by a surge in CVE submissions, which increased 263% between 2020 and 2025. We don’t expect this trend to let up anytime soon. Submissions during the first three months of 2026 are nearly one-third higher than the same period last year.

We are working faster than ever. We enriched nearly 42,000 CVEs in 2025 — 45% more than any prior year. But this increased productivity is not enough to keep up with growing submissions. Therefore, we are instituting a new approach. The changes described below will allow us to focus on the most critical CVEs while being transparent about how we are managing our current workload. They will also allow us to stabilize the program while we develop the automated systems and workflow enhancements required for long-term sustainability.

New Prioritization Criteria

Starting on April 15, 2026, we will prioritize the following CVEs for enrichment:

All submitted CVEs will still be added to the NVD. However, those that do not meet the criteria above will be categorized as “Lowest Priority - not scheduled for immediate enrichment.” This will allow us to focus on CVEs with the greatest potential for widespread impact. While CVEs that do not meet these criteria may have a significant impact on affected systems, they generally do not present the same level of systemic risk as those in the prioritized categories.

These criteria may not catch every potentially high-impact CVE. Therefore, users can request enrichment of any lowest priority CVEs by emailing us at nvd [at] nist.gov (nvd[at]nist[dot]gov). We will review those requests and schedule the CVEs for enrichment as resources allow.

A full definition of critical software and a description of our new workflow, including how we will order our processing queue, is available on the NVD website.

Streamlining Severity Scores

Until now, NIST has provided its own severity score for all submitted CVEs, even if the CVE Numbering Authority that submitted it had already provided a severity score. Going forward, we will no longer routinely provide a separate severity score for those CVEs. This will reduce duplication of effort and allow us to focus our resources more effectively. Users can request that we provide a separate severity score for specific CVEs by emailing us at the address above.

Handling of Modified CVEs

We are changing our process for reanalyzing enriched CVEs that have been modified subsequent to enrichment. While our previous policy was to re-analyze all modified CVEs, we will now do so only if we are aware of a modification that materially impacts the enrichment data. Users can request that we reanalyze specific modified CVEs by emailing us at the address above. Because of this process change, all CVEs marked as deferred last year (see April 2, 2025: NVD General Announcement) will be moved to “Modified After Enrichment.” Due to the large number of CVEs involved, we will be recategorizing these CVEs in batches over the next two weeks.

The CVE Backlog

Starting in early 2024, the NVD developed a significant backlog of unenriched CVEs. Unfortunately, we have been unable to clear that backlog, in part due to the increasing rate of submissions. Therefore, when we implement the new prioritization criteria described above, we will move all backlogged CVEs with an NVD publish date earlier than March 1, 2026, into the “Not Scheduled” category. We will consider enriching those earlier vulnerabilities, applying the new prioritization criteria above, as resources allow. (Note that the backlog does not include any CVEs in the KEV Catalog, as we have always prioritized those for enrichment, in keeping with our long-standing risk management approach.)

New Status Labels and Other Information

To better communicate CVE status, we are updating CVE status labels and descriptions. More details are available on the CVE statuses page. Additional details on our new process are available on our CVEs and the NVD Process page. Finally, we have updated the NVD Dashboard to accurately report the status of all CVEs and other NVD statistics in real time.

We recognize that these changes will affect our users. However, this risk-based approach is necessary to manage the current surge in CVE submissions while we work to align our efforts with the needs of the NVD community. This shift also allows us to dedicate the resources required to develop the automated systems and workflow enhancements that will ensure the program’s long-term sustainability. We look forward to announcing those improvements as we make them.

NIST is committed to maintaining the NVD as a critical component of the nation’s cybersecurity infrastructure. By evolving the NVD to meet today’s challenges, we can ensure that the database remains a reliable, sustainable and publicly available source of information about cybersecurity vulnerabilities. We appreciate the continued collaboration of our partnering agencies and the user community as we make these necessary adjustments.