
NIST gives up enriching most CVEs

Why This Matters

NIST's decision to limit CVE enrichment to only critical vulnerabilities marks a significant shift in vulnerability management, prioritizing resources on the most impactful security flaws. This move aims to improve the quality and relevance of the data provided to stakeholders amidst resource constraints, ultimately enhancing cybersecurity efforts for both government and private sectors.


Risky Bulletin Newsletter

Written by Catalin Cimpanu, News Editor

This newsletter is brought to you by Corelight.

The US National Institute of Standards and Technology announced on Wednesday a new policy regarding the US National Vulnerability Database, which the agency has been struggling to keep updated with details for every new vulnerability added to the system.

Going forward, NIST says its staff will add data, in a process called enrichment, only for important vulnerabilities.

This will include three types of security flaws, which the agency says are critical to the safe operation of US government networks and its private sector.

CVE entries for vulnerabilities listed in CISA KEV, a database of actively exploited bugs;

CVEs in software known to be used by US federal agencies; and

CVEs in what the agency classifies as "critical software."
