Is MITRE's CVE program redundant with NIST's National Vulnerability Database? I'm having a hard time telling how the two are related, or if NVD is simply performing the same service as MITRE.
NIST NVE relies on the CVE program. (vulnerabilities get reported, MITRE assigns CVEs and publishes them, NIST then copies that list and adds their own scoring etc to it)
> Hearing a bit more on this. Apparently it's up to the CVE board to decide what to do, but for now no new CVEs will be added after tomorrow. the CVE website will still be up.
Is MITRE's CVE program redundant with NIST's National Vulnerability Database? I'm having a hard time telling how the two are related, or if NVD is simply performing the same service as MITRE.
NIST NVE relies on the CVE program. (vulnerabilities get reported, MITRE assigns CVEs and publishes them, NIST then copies that list and adds their own scoring etc to it)
What are the implications of this? No more centralized store of vulnerability information?
According to Brian Krebs: https://infosec.exchange/@briankrebs/114343835430587973
> Hearing a bit more on this. Apparently it's up to the CVE board to decide what to do, but for now no new CVEs will be added after tomorrow. the CVE website will still be up.