Risky Bulletin Newsletter
March 15, 2024
Risky Biz News: NIST NVD stopped enriching CVEs a month ago
Presented by

News Editor
For more than a month, staff at the US National Institute of Standards and Technology (NIST) has stopped enriching CVE vulnerability data added to the National Vulnerability Database (NVD).
More than 2,100 CVE entries have been published without crucial metadata information—a process called "enrichment."
Enrichment data is crucial to anyone viewing the NVD. It provides basic details such as the name of software products impacted by the CVE, the vulnerability's CVSS severity scores, CVE and CWE data, a basic description of the bug, and patching status.