Securityintelligence

CVE backlog update: The NVD struggles as attackers change tactics

  • The number of vulnerabilities processed by the National Vulnerability Database (NVD) started to slow down in February.
  • As of May, 93.4% of new vulnerabilities and 50.8% of known exploited vulnerabilities were still waiting on analysis.
  • NIST funding was cut by 12% this year, making it more difficult for the agency to identify and analyze CVEs.
  • The sheer number of reported vulnerabilities poses a problem for analysis efforts. NIST reported 33,137 vulnerabilities in 2023.
  • While CVEs remain critical for effective security, attackers aren’t using severity ratings as their criteria for compromise.
  • Attackers focus on the most exploitable vulnerabilities, which are often ranked as medium or low severity.
  • Companies need to prioritize IT visibility, focus on exploitability, and share the burden between different teams.
  • Security teams can leverage alternative resources: CISA Vulnrichment and the CVE Program.
  • NIST hopes to eliminate the CVE backlog by September 2024, with a new focus on AI-enabled threats.
  • Enterprises must change their approach to align with attackers' evolving tactics.
