The Inception and Evolution of NVD, Current Challenges, Future of NVD, and the Way Forward for the Cybersecurity Industry!
Anyone who has worked in cybersecurity or specifically into Vulnerability Management would have come across not only the Common Vulnerabilities and Enumerations (CVE), but also the NIST National Vulnerability Database (NVD).
I had covered about the CVE in my previous article, and the focus of this article is the NVD. I touch upon the origins and evolution of the NVD over time, its significance in vulnerability management, recent developments affecting NVD in the past few weeks, reasons these developments raise concerns, and the industry’s reaction to these events.
What is NVD?
The National Vulnerability Database (NVD) is a standards based vulnerability management database by the U.S. National Institute of Standards and Technology (NIST). The database provides a standardized framework for collecting, assessing, and cataloguing information about security vulnerabilities found in computer hardware and software.
The NVD works closely with the Common Vulnerabilities and Exposures (CVE) system. CVE assigns unique identifiers to vulnerabilities, and the NVD uses these identifiers to provide more…