2024-3-19 16:10:0 Author: www.tenable.com(查看原文) 阅读量:4 收藏
NIST has announced delays in the CVE enrichment process of its National Vulnerability Database (NVD), but the situation doesn’t impact Tenable VM customers because our vulnerability scoring is based on multiple sources.
We have heard concerns from many of our customers about the note posted on the NIST National Vulnerability Database (NVD) website advising of “temporary delays in analysis efforts” on CVE metadata updates, including CVSS scoring.
We want to reassure customers that Tenable Vulnerability Management products have based vulnerability scoring on a diverse range of sources for many years and do not rely solely on the NVD to determine CVSS scoring or vectors. In fact, in May 2023 Tenable Research published a “Mind the Gap” four-part series highlighting the value of our broad and diverse gathering of CVSS score sources to reduce the risk of waiting for NVD scoring.
With the increased lag in NVD CVSS metadata posting, our customers will find even greater value in Tenable’s proven approach to vulnerability scoring. Our publicly available website https://www.tenable.com/cve/newest can be used as a source of truth for the latest CVE vulnerabilities.
As a reminder, in the absence of NVD CVSSv3 scoring, Tenable Vulnerability Management products will generate CVSSv3 metrics from a diverse pool of sources. In addition, our proprietary VPR calculations provide a risk-based assessment of the vulnerabilities that matter most.
In short, regardless of the delays in NVD CVSS scoring updates, Tenable Vulnerability Management products will continue to have you covered.
Related Articles
- Risk-based Vulnerability Management
- Tenable.io Vulnerability Management
- Vulnerability Management
Cybersecurity News You Can Use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
Try Tenable Web App Scanning
Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.
Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.
Buy Tenable Web App Scanning
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Try Tenable Nessus Professional Free
FREE FOR 7 DAYS
Tenable Nessus is the most comprehensive vulnerability scanner on the market today.
NEW - Tenable Nessus Expert
Now Available
Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.
Fill out the form below to continue with a Nessus Pro Trial.
Buy Tenable Nessus Professional
Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.
Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.
如有侵权请联系:admin#unsafe.sh