The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is failing Since 1999, NVD analysts have been adding CVE-numbered vulnerabilities to the database, after analyzing public data about them to “enrich” each entry with impact metrics (CVSS), vulnerability types (CWE), applicability statements (CPE), links to security advisories, and more. This database … More
The post CISA starts CVE “vulnrichment” program appeared first on Help Net Security.