NIST limits CVE enrichment to critical vulnerabilities
Summary
NIST announced a policy to limit CVE enrichment in the National Vulnerability Database to only three critical categories, driven by a surge in vulnerabilities and budget constraints. NVD will also stop providing its own CVSS scores and will display the issuer's score instead, potentially impacting vulnerability management workflows and third-party scanning tools.