
NIST’s New Approach to Streamlining Flaw Prioritization in Response to Increased Volume


NIST to Cease Rating Non-Priority Vulnerabilities Due to Increased Volume

The National Institute of Standards and Technology (NIST) has announced that it will no longer assign severity scores to lower-priority vulnerabilities. The change is a response to a growing enrichment backlog caused by the rise in CVE submission volume.

Effective April 15, NIST will provide detailed analysis, including a severity rating and a list of affected products, only for CVEs that meet specific risk-based criteria.

The National Vulnerability Database (NVD) will continue to list every submitted CVE, but for those categorized as low priority the only severity rating shown will be the one supplied by the CVE Numbering Authority (CNA) that assessed and submitted the vulnerability.

NIST Criteria for Vulnerability Analysis

In its recent announcement, NIST outlined specific criteria for vulnerabilities that will receive additional details:

  • Presence in CISA’s Known Exploited Vulnerabilities (KEV) catalog
  • Impact on U.S. federal government software
  • Association with critical software as defined by Executive Order 14028

NIST cited the overwhelming number of submissions, which have surged by 263% and have continued to rise in 2026, as the primary reason for the decision. Even after enriching 42,000 CVEs in 2025, NIST cannot keep pace with the escalating volume.

The NVD, a publicly accessible database of known software and hardware vulnerabilities, offers detailed descriptions and analyses in addition to the CVE IDs provided by CNAs like The MITRE Corporation and vendors.

Enhancing Vulnerability Details for Effective Risk Management

Enrichment exists to support risk management: NIST assigns a CVSS severity score, identifies the affected product versions, classifies the underlying weakness (by CWE), and links the entry to advisories, patches, or related research.

The NVD is widely used by security researchers, software vendors, government agencies, IT staff, journalists, and anyone looking up information on a security issue.

NIST clarified that all submitted CVEs will still be included in the NVD, but those not meeting the criteria will be labeled “Not Scheduled.” The approach lets NIST concentrate on CVEs with the potential for widespread impact. For consumers of NVD data, the practical consequence is that any tooling which reads only the NIST-assigned CVSS score will show these entries as unscored, even when the CNA has supplied a score of its own.
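The following is an added example, not code from NIST or the NVD project, showing how a consumer of NVD API 2.0 records can cope with a missing NIST score: it prefers the NIST-supplied metric (source `nvd@nist.gov`, type `Primary`), falls back to the CNA's own metric (type `Secondary`), records which one was used, and flags entries that may warrant an enrichment request. The page does not say how the “Not Scheduled” label surfaces in the API, so the code keys on the absence of a NIST-sourced metric rather than on a status string; the `vulnStatus` values, CVE IDs and CNA address in the sample records are constructed placeholders, and `needs_enrichment_request` is this example's own triage heuristic, not NIST guidance.

```python
"""Added example (not NIST/NVD code): consume NVD API 2.0 records when the
NIST-supplied CVSS metric may be missing.

NVD API 2.0 records carry CVSS metrics under cve.metrics.cvssMetricV31 (and
V40/V30/V2), each tagged with a `source` and a `type` ("Primary" for the
NIST analysis, "Secondary" for the CNA's own score). Under the new policy a
lower-priority CVE will have only the CNA metric, so a consumer that reads
only the NIST-sourced metric sees "unscored" and may drop the finding.
"""
from __future__ import annotations

from typing import Any

NVD_SOURCE = "nvd@nist.gov"
# Preferred CVSS version first.
METRIC_KEYS = ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2")


def _metrics(cve: dict[str, Any]) -> list[dict[str, Any]]:
    """Flatten all CVSS metric entries of a record, best CVSS version first."""
    out: list[dict[str, Any]] = []
    for key in METRIC_KEYS:
        out.extend(cve.get("metrics", {}).get(key, []))
    return out


def select_severity(cve: dict[str, Any]) -> dict[str, Any]:
    """Pick the NIST score if present, otherwise the CNA score, and say which."""
    metrics = _metrics(cve)
    nvd = [m for m in metrics if m.get("source") == NVD_SOURCE]
    cna = [m for m in metrics if m.get("source") != NVD_SOURCE]
    chosen = nvd[0] if nvd else (cna[0] if cna else None)
    # NVD records a KEV listing as the `cisaExploitAdd` date field.
    in_kev = "cisaExploitAdd" in cve
    if chosen is None:
        return {"id": cve["id"], "score": None, "severity": None,
                "source": None, "provenance": "none", "in_kev": in_kev}
    data = chosen["cvssData"]
    return {
        "id": cve["id"],
        "score": data["baseScore"],
        # v3.x/v4.0 keep baseSeverity inside cvssData; v2 keeps it one level up.
        "severity": data.get("baseSeverity") or chosen.get("baseSeverity"),
        "source": chosen.get("source"),
        "provenance": "nvd" if nvd else "cna",
        "in_kev": in_kev,
    }


def needs_enrichment_request(row: dict[str, Any]) -> bool:
    """Our own heuristic (assumption, not NIST guidance): a CVE with no NIST
    analysis that is in KEV, carries a CNA critical score, or has no score at
    all deserves a manual look and possibly an enrichment request."""
    if row["provenance"] == "nvd":
        return False
    return row["in_kev"] or row["score"] is None or row["score"] >= 9.0


def triage(vulnerabilities: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Order records: KEV entries first, then by score, unscored last."""
    rows = [select_severity(v["cve"]) for v in vulnerabilities]
    rows.sort(key=lambda r: (not r["in_kev"],
                             -(r["score"] if r["score"] is not None else -1.0)))
    return rows


# Constructed sample records in NVD API 2.0 shape; IDs and the CNA address
# are placeholders, not real vulnerabilities.
SAMPLE = [
    {"cve": {"id": "CVE-2099-0001", "vulnStatus": "Analyzed",
             "cisaExploitAdd": "2099-01-02",
             "metrics": {"cvssMetricV31": [
                 {"source": NVD_SOURCE, "type": "Primary",
                  "cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}},
                 {"source": "security@example-vendor.test", "type": "Secondary",
                  "cvssData": {"baseScore": 8.8, "baseSeverity": "HIGH"}}]}}},
    {"cve": {"id": "CVE-2099-0002", "vulnStatus": "Awaiting Analysis",
             "metrics": {"cvssMetricV31": [
                 {"source": "security@example-vendor.test", "type": "Secondary",
                  "cvssData": {"baseScore": 9.1, "baseSeverity": "CRITICAL"}}]}}},
    {"cve": {"id": "CVE-2099-0003", "vulnStatus": "Awaiting Analysis",
             "metrics": {"cvssMetricV31": [
                 {"source": "security@example-vendor.test", "type": "Secondary",
                  "cvssData": {"baseScore": 5.3, "baseSeverity": "MEDIUM"}}]}}},
    {"cve": {"id": "CVE-2099-0004", "vulnStatus": "Awaiting Analysis", "metrics": {}}},
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        flag = "REQUEST-ENRICHMENT" if needs_enrichment_request(row) else ""
        print(f'{row["id"]} score={row["score"]} via={row["provenance"]} '
              f'kev={row["in_kev"]} {flag}')
```

The design point is that provenance is carried alongside the score: a CNA-only 9.1 and a NIST-analyzed 9.1 should not be treated identically by a risk process, and an entry with no metric at all must stay visible rather than being filtered out as "no CVSS".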

Recognizing that a high-impact CVE could slip through under the new guidelines, NIST welcomes enrichment requests for “any lowest priority CVEs” by email at nvd@nist.gov.

Enrichment has been noticeably delayed, or absent altogether, for many CVEs since 2024; with this announcement NIST has formally committed to prioritizing the most critical entries.
