Government’s software vulnerability repository is slow to add new cyberthreats, report says
There is a median lag time of approximately seven days between when someone discovers an exploitable software vulnerability and its eventual release on the National Vulnerability Database, or NVD, according to research conducted by U.S. cybersecurity and dark web intelligence firm Recorded Future. The NVD, a public repository managed by the National Institute of Standards and Technology that contains data on known vulnerabilities, is one of the preeminent disclosure platforms for information about software flaws that can be exploited by hackers. Private companies and the government share access to it. Recorded Future cautioned companies and agencies against relying on it as the fastest way to learn about new risks to their network infrastructure, products, digital services and other business processes. “While it’s tempting to think of the National Vulnerability Database as the central source for vulnerability information, the reality is that there is a vast amount of content about vulnerabilities already published prior to […]
The post Government’s software vulnerability repository is slow to add new cyberthreats, report says appeared first on Cyberscoop.