Continue to safeguard your organization during NVD update delays

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

The National Institute of Standards and Technology (NIST) recently announced updates to the National Vulnerability Database (NVD) program causing delays in enrichment process of its analysis of Common Vulnerabilities and Exposures (CVEs).  
This means that important data is missing for a significant number of recent CVEs, lacking metadata, including severity scores and affected product details.


Message from NIST

NIST is currently working to establish a consortium to address challenges in the NVD program and develop improved tools and methods. You will temporarily see delays in analysis efforts during this transition. We apologize for the inconvenience and ask for your patience as we work to improve the NVD program.”  Read more on 


Microsoft Defender Vulnerability Management continues to safeguard your organization.

Many organizations have expressed concerns about the delays in the NVD process, which has caused thousands of vulnerabilities to lack metadata.  
Defender Vulnerability Management provides accurate and timely vulnerability information from multiple sources and does not solely rely on the NVD program. Our platform obtains vulnerabilities data from a variety of public security bulletins including NVD, IBM X-Force, Exploit-DB, Microsoft, RedHat, Ubuntu, Debian, Google, Adobe, Kubernetes and many more, and our vulnerability scoring is based on a diverse range of sources, collected automatically on an hourly/daily basis. We leverage direct information from the source and ensure the accuracy and timeliness of our vulnerability management solutions, ensuring that our customers are safeguarded against potential threats. 

Our proprietary exposure score provides a risk-based assessment of the vulnerabilities that matter most, pinpointing organizational risk using business context, threat intel, and numerous other risk factors. 


Furthermore, we're collaborating with NIST to understand their plan, while continuing to help customers continue to manage risk in the interim.  


In conclusion, during the current delays in the NVD process, Microsoft Defender Vulnerability Management customers can rest assured that our platform provides accurate and timely vulnerability information from multiple sources, ensuring that their organizations are safeguarded against potential threats.


Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.