NIST has announced it will stop enriching most CVEs (Common Vulnerabilities and Exposures) with additional metadata, citing resource constraints and the overwhelming volume of vulnerabilities. This decision will impact security teams who rely on NIST's National Vulnerability Database for detailed vulnerability analysis and prioritization. The change reflects the growing challenge of managing the exponential increase in reported software vulnerabilities.
Background
NIST's National Vulnerability Database (NVD) has been the primary US government resource for vulnerability management, providing enriched CVE data with severity scores, affected products, and remediation guidance. The exponential growth in reported vulnerabilities has strained resources across the cybersecurity ecosystem.
- Source
- Hacker News (RSS)
- Published
- Apr 17, 2026 at 11:09 PM
- Score
- 7.0 / 10