Running an effective SCA practice in a post-NVD era
Big changes are afoot in how software vulnerabilities are managed, with significant implications for software developers and their customers. NIST is making changes to its National Vulnerability Database, long the source of truth for CVE data, that call its usefulness into question. It’s changing which CVEs get enriched, with many moving to a “Not Scheduled” status for which NIST no longer provides CVSS scores. The moves raise questions for SCA and vulnerability programs about where gaps exist in the data and whether other options are available to fill them. In this webinar, you’ll hear from a pair of industry experts who will explain what’s happening, what software vendors and developers need to know about it, and potential paths forward.