On April 15, NIST announced a prioritized enrichment model for the National Vulnerability Database. Most CVEs will still be published, but fewer will receive the CVSS scores, CPE mappings, and CWE classifications that container scanners and compliance programs have historically relied on.
The change formalizes a drift that has been visible to anyone pulling NVD feeds for the past two years. What s...
The strongest version of this narrative highlights a necessary adaptation to an unsustainable surge in vulnerability disclosures. NIST’s decision to prioritize enrichment for high-impact CVEs reflects a pragmatic response to resource constraints, acknowledging that not all vulnerabilities warrant equal attention. The article credibly frames this as a structural shift rather than a temporary setback, supported by data on CVE growth and the operational strain on NVD’s enrichment pipeline. It also ...