Technology
NIST Gives Up on Enriching Most CVEs
On April 15, NIST announced that the National Vulnerability Database will only enrich CVEs that affect federal software, critical infrastructure, or vulnerabilities CISA already sees being exploited. Everything else gets filed as 'Not Scheduled.' The quiet consequence: the vulnerability scanners your organization relies on may start missing things — and showing green anyway.