The NIST/NVD situation and vulnerability management programs

In the infosec world we continually preach about “defense in depth,” or layered security. The idea is that if a defensive measure at one layer fails, there are additional layers behind it that serve as a safety net. An interesting application of these concepts comes in examining the data feeds that provide information to our security tools. If one of the feeds goes down, will our security tooling continue to work as expected? This recently came to light when the National Institute of Standards and Technology (NIST) announced that it cannot keep up with the number of software bugs being… [Continue Reading]