Recent NVD Delays Won’t Affect Tenable Vulnerability Management Customers Thanks To Our Diverse Scoring Sources
NIST has announced delays in the CVE enrichment process of its National Vulnerability Database (NVD), but the situation doesn’t impact Tenable VM customers because our vulnerability scoring is based on multiple sources.
We have heard concerns from many of our customers about the note posted on the NIST National Vulnerability Database (NVD) website advising of “temporary delays in analysis efforts” on CVE metadata updates, including CVSS scoring.
We want to reassure customers that Tenable Vulnerability Management products have based vulnerability scoring on a diverse range of sources for many years and do not rely solely on the NVD to determine CVSS scoring or vectors. In fact, in May 2023 Tenable Research published a “Mind the Gap” four-part series highlighting the value of our broad and diverse gathering of CVSS score sources to reduce the risk of waiting for NVD scoring.
With the increased lag in NVD CVSS metadata posting, our customers will find even greater value in Tenable’s proven approach to vulnerability scoring. Our publicly available website https://www.tenable.com/cve/newest can be used as a source of truth for the latest CVE vulnerabilities.
As a reminder, in the absence of NVD CVSSv3 scoring, Tenable Vulnerability Management products will generate CVSSv3 metrics from a diverse pool of sources. In addition, our proprietary VPR calculations provide a risk-based assessment of the vulnerabilities that matter most.
In short, regardless of the delays in NVD CVSS scoring updates, Tenable Vulnerability Management products will continue to have you covered.
Related Articles
Cybersecurity Snapshot: New Guides Offer Best Practices for Preventing Shadow AI and for Deploying Secure Software Updates
October 25, 2024Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.
Cybersecurity Snapshot: Tenable Report Warns About Toxic Cloud Exposures, as PwC Study Urges C-Suite Collaboration for Stronger Cyber Resilience
October 18, 2024Check out invaluable cloud security insights and recommendations from the “Tenable Cloud Risk Report 2024.” Plus, a PwC study says increased collaboration between CISOs and fellow CxOs boosts cyber resilience. Meanwhile, a report finds the top cyber skills gaps are in cloud security and AI. And get the latest on SBOMs; CIS Benchmarks; and cyber pros’ stress triggers.
Tenable Ranked #1 in the Device Vulnerability Management Market for the Sixth Consecutive Year in IDC's Market Shares Report
October 10, 2024The research firm’s latest report also provides advice for technology suppliers that they can use to improve their vulnerability management strategy.
Securing Financial Data in the Cloud: How Tenable Can Help
November 4, 2024Preventing data loss, complying with regulations, automating workflows and managing access are four key challenges facing financial institutions. Learn how Tenable can help.
Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security
November 1, 2024Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.
FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure
October 31, 2024The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.
- Vulnerability Management
- Risk-based Vulnerability Management
- Tenable Vulnerability Management (DO NOT USE)
- Vulnerability Management