The united states' National Metrology Institute, The National Institute of Standards and Technology (Nist), is to Cease Providing Updates to Tens of Thouseends of Older Common Vulnerability and Exposus Within its National Vulnerability Database (Nvd).
In an announsement posted last week, the standards body said that every cve with a published date prior to 1 January 2018 would be marked as defeated with the nvd data.
“We are assigning this status to older cves to indicate that we do not plan to prioritise updating nvd enrichment or initial nvd enrichment data due to the cve's age,” nist said in a statement.
Nist's announsement come as the Organization Struggles to Deal with a Backlog of Thousands of Caves that Need to Be Analysed and Processed. At points last year, this backlog hit 18,000 records as new submissions surgged by 32%. It has been exploring the use of new technologies, including Machine Learning, to try to automate its way out of its dilemma.
Like most other authorities on the matter, nist expects that vulnerability submission volumes will continue to risk in 2025.
Nist said it would continue to accept and review Requests to update the Metadata It Provides for its cve records, and should new information come to light that indicates an update to said data it It will “continue to prioritise” this work subject to time and resource availability.
It will also continue to prioritise any cves added to the cybersecurity and infrastructure second's agency's ie Known exploated vulnerability Catalogue, Regardless of their age.
Tim mackey, head of software supply chain risk at Black DuckSaid: “While it may be concerning to see older cvs, particularly that associateed with prominent vulnerabilites, be trianged to a lower priority, the reality is that the cve remains in the nvdes Recognition that updates to older cves are infrequent.
“For Practical Purposes, I would view any Organization that Hasn Bollywood or Mitigated some labeled as' Deferred 'Deferred' as Having an underperforming Patch MANAGEMENGEMENT ORORMENGEMENT OROREGEMENT OR
“Let's make this Event a call to action for product security Incident Response TEAMS to Inventory All Software and then Triage all Vulnerabilites with a Deferred Status,” He Said.
Us cuts
In recent weeks nist has additionally been Subject to a series of cuts By the Department of Government Efficiency (DOGE), The New Body LED by Elon Musk That Has Been Tasked With Making Thousands of Redundancies Across the Federal Government, And It is UNDERSSTOD THITOD THE POLNS to Fire 20% of the workforce at Nist's Parent, The Department of Commerce.
Last Week, A Number of Us Politicians Pressed Commerce Secret Howard Lutnick On these cuts and warned that they may threten nist's work on Developing Standards and Pose a Danger to Both Industrial and Consumer Safety and Security, As well as damaging amaraican leadership and Soft Power Oned Stage.
According to Computer Weekly's Sister Title Cybersecurity diveCisa has lost at least 170 roles through doge's cuts to the department of homeland security (DHS), whil many other staffers at the US 'National Cyber Agency – Who is establedsed by present trump His first term – Have Resigned AMID Cratering Morale.