NIST turns to IT consultants to clear National Vulnerability Database backlog

Facing a growing backlog of reported flaws, NIST has extended a commercial contract with an outside consultancy to help it get on top of its National Vulnerability Database (NVD). NIST has an ongoing five-year $125 million contract with Maryland-based Analygence for various bits of IT and security-related work. That deal was …

  1. CowHorseFrog Silver badge

    What exactly does "Clear" mean in the title ?

    My dog can just drop the entire db for a run on the beach if that's what they want.

  2. Alan J. Wylie

    Opensource Security blog post: "Why are vulnerabilities out of control in 2024?"

    "Why are vulnerabilities out of control in 2024?"

    1. t245t Silver badge

      Re: Opensource Security blog post: "Why are vulnerabilities out of control in 2024?"

      > "Why are vulnerabilities out of control in 2024?"

      Because such software is released without testing for such vulnerabilities. If it takes one unit of time to write the code, then four more units should be spent on testing. Nine if it's to be used in a critical system. Instead of: release if it compiles and fix the bugs in the next version.

      1. CowHorseFrog Silver badge

        Re: Opensource Security blog post: "Why are vulnerabilities out of control in 2024?"

        No, this software has vulnerabilities because it was written and authorised by idiots who wouldn't know any better.

        How exactly do you expect managers who don't understand the most basic technology to possibly appreciate the importance of, or the effort needed to produce, quality safe s/w?

      2. James R Grinter

        Re: Opensource Security blog post: "Why are vulnerabilities out of control in 2024?"

        Yes, but… there are also some signs of vulnerabilities being claimed for what are essentially just bugs (and I'm not referring to the impact of Linux CVEs - https://sigma-star.at/blog/2024/03/linux-kernel-cna/ - maybe The Register could dig up some stats for the latter).

        Anecdotally, in my own day job, we've seen two or three recently filed by a third party (not the software developers), without disclosing to the project, with no attempt at a PoC, and claiming "if you pass this function incorrect arguments then you get an exception".
