NIST Narrows CVE Enrichment Amid Growing Backlog Strain
🔍 NIST will restrict enrichment in its National Vulnerability Database to the most critical CVEs, prioritizing entries in CISA’s Known Exploited Vulnerabilities (KEV), software used by the federal government, and other critical products. All other CVEs will be ingested but marked as not scheduled, and the agency will stop recalculating severity scores when submitters provide their own. The move follows a surge in submissions and a backlog of more than 30,000 CVEs, and NIST says it will adopt automation and delegate tasks to CNAs to stabilize NVD operations.
