
The NIST Finally Hires a Contractor to Manage CVEs


Security experts have been frustrated because no one was managing the Common Vulnerabilities and Exposures security reports. Good news: The NIST has hired a company to manage the backlog. Bad news: The company has no experience with this kind of security work.

However, it’s not uncommon for businesses in the government contracting sphere to hire the expertise they need. That score determines whether the IT security crew shrugs its collective shoulders (3.9 or below) or calls “all hands on deck” to patch or remediate the problem as soon as possible (9.0 or higher). Dan Lorenc, CEO of Chainguard, a software supply chain security company, recently wrote, “the ridiculous rash of awful CVEs” resulted from “scraping old issues and commits to file these in an automated fashion, without ever getting maintainers involved.”
