https://www.cve.org/ProgramOrganization/ADPs

nvd.nist.gov / news updates:

  • November 15, 2024:  NVD Technical Update
    CVE List Authorized Data Publisher (ADP) Support
    We plan to deploy changes to our systems the week of November 18th. After this is complete, NVD systems will begin ingesting supported datatypes within the CVE List from all sources (CNAs and ADPs). 

    What does this mean?
    CVE records within the NVD dataset will contain more information (Reference(s), CWE, and CVSS) from additional sources. This new information will be displayed on the website and in the API responses, attributed to the organization who contributed the information. More information regarding ADPs can be reviewed at https://www.cve.org/ProgramOrganization/ADPs.

    Downstream data consumers will notice a large shift in the volume of CVE Record modifications as part of this change. Going forward, organizations should expect CVE records to update at a higher frequency.

    Other relevant changes:
    Duplicate References and Reference Tags

    As part of NVD enrichment efforts, reference tags are associated with each reference provided by a specific source. In instances where the same reference is provided by multiple sources, any reference tags associated to an existing reference will be applied to the newly provided, duplicate reference automatically.

    Changes to NVD CVE Record Change History

    • Event Names are now more consistently ordered when they are recorded at the same timestamp.
    • Event Content (Actions and Change Types) will now be more consistently ordered.
    • Reference and Reference Tag (Type) changes will now be audited separately across all cases.
    • “CVE Received” Events will be re-labeled as “New CVE Received.” Using the “CVE Received” eventName parameter for the /cvehistory/ API will still return the appropriate results.

    CVE API and Vulnerability Search Impacts
    Due to upstream removal of data points used by the NVD systems, the following parameters will no longer filter search results. 

    • CVE API: HasCertAlerts, HasCertNotes, HasOval
    • Vulnerability Search:  US-CERT Technical Alerts, US-CERT Vulnerability Notes, OVAL Queries

    These options will be removed in a future release.

    • published 20 days ago


    Previous

    November 13, 2024
    published 22 days ago

    Next

    See all items from the same source