NIST to stop rating non-priority flaws due to volume increase

NIST has announced it will cease assigning severity scores to lower-priority vulnerabilities due to unsustainable submission volumes. This policy change affects how non-priority flaws are rated in the National Vulnerability Database (NVD), potentially impacting vulnerability prioritization workflows for organizations. The decision stems from the exponential growth in vulnerability submissions overwhelming NIST's processing capacity. Organizations should enhance their internal vulnerability management programs, implement independent prioritization processes, and consider alternative vulnerability databases or scoring mechanisms to maintain comprehensive security posture. This shift may temporarily increase uncertainty in vulnerability risk assessment across the industry.

The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. [...]

NIST has announced it will cease assigning severity scores to lower-priority vulnerabilities due to unsustainable submission volumes. This policy change affects how non-priority flaws are rated in the National Vulnerability Database (NVD), potentially impacting vulnerability prioritization workflows for organizations. The decision stems from the exponential growth in vulnerability submissions overwhelming NIST's processing capacity. Organizations should enhance their internal vulnerability management programs, implement independent prioritization processes, and consider alternative vulnerability databases or scoring mechanisms to maintain comprehensive security posture. This shift may temporarily increase uncertainty in vulnerability risk assessment across the industry. The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. [...] The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. [...]