On April 15, NIST announced a prioritized enrichment model for the
National Vulnerability Database.Most CVEs will still be published,
but fewer will receive the CVSS scores, CPE mappings, and CWE
classifications that container scanners and compliance programs
have historically relied on. The change formalizes a drift that has
been visible to anyone pulling NVD feeds for the past two
years.What shifted on April 15 is the expectation:NIST has now said
plainly that it does not intend to return to full-coverage
enrichment.For programs that built
On April 15, NIST announced a prioritized enrichment model for the
National Vulnerability Database.Most CVEs will still be published,
but fewer will receive the CVSS scores, CPE mappings, and CWE
classifications that container scanners and compliance programs
have historically relied on. The change formalizes a drift that has
been visible to anyone pulling NVD feeds for the past two
years.What shifted on April 15 is the expectation:NIST has now said
plainly that it does not intend to return to full-coverage
enrichment.For programs that built