Why We Are Open-Sourcing NVD 1.0

Tom Bain (@tmbainjr1)

Managing vulnerabilities at scale is something the entire cybersecurity ecosystem has struggled with for a long time.

As exploited vulnerabilities become a more prominent threat to organizations - particularly freely available vulnerabilities disclosed by software and product manufacturers - it has become clear that vulnerability prioritization, or understanding how exploitable a particular vulnerability is, remains really, really hard.

One of the tried-and-true resources provided to the broader cybersecurity market is NIST’s NVD - the National Vulnerability Database. This tool is leveraged by most, if not all, SecOps and vulnerability management teams. And there are likely millions of customized workflows built around the NVD feed, in every single cybersecurity product designed to enrich this function.

Currently, NVD v1.0 is set to be retired on December 15. As part of VulnCheck’s new Community Platform tier, we are open-sourcing NVD v1.0, so that teams can keep access to it without disrupting custom workflows or having to re-tool how humans and machines consume CVE data.

Why Continuity With NVD 1.0 is Essential

Speed and efficiency are not just goals – they are necessities in prioritizing and managing vulnerabilities in products and software. At VulnCheck, our mission revolves around this principle: to accelerate the cybersecurity ecosystem's ability to identify and neutralize threats, you have to be quicker, and you simply need better data all the time.

The importance of NVD 1.0 in the daily operations of vulnerability management and SecOps teams cannot be overstated - next to the CISA KEV list, it's the best public yet validated source available to cybersecurity product managers and to SecOps, IR, and vulnerability management teams.

However, as we edge closer to the NVD's 2.0 API migration deadline on December 15, we are stepping up to ensure that this transition does not slow down the entire ecosystem built around it.

Our commitment to maintaining NIST’s NVD 1.0 reflects our dedication to keeping the cybersecurity community agile and responsive. It's cool working for a company willing to put resources behind supporting the broader cyber ecosystem.

Why is This Important?

  • Facilitating Uninterrupted Workflows: The cybersecurity community can maintain its current pace and efficiency without the disruption of adapting to new API structures.
  • Supporting Strategic Evolution at a Team’s Own Pace: This initiative provides the time needed for teams to thoughtfully plan and adapt to NVD 2.0, ensuring no compromise in their operational effectiveness.
  • Promoting Collective Intelligence is Always a Good Thing: By fostering a community-driven approach, we enable the sharing of strategies and insights, enhancing the collective ability to combat cyber threats.

Speed and efficiency in addressing vulnerabilities are not just operational goals; they are critical to cybersecurity success. By maintaining NVD 1.0, we're not just making a tool available – we're upholding a staple of the broader cybersecurity ecosystem. The changes brought on by NVD's 2.0 APIs will force development teams to redesign how CVE data is acquired, processed, and loaded, which will take significant time and testing. Our goal is to ensure that all vulnerability management operations designed for NVD 1.0 will function as needed until teams are ready to make the jump.

Anthony Bettini
Founder and CEO

VulnCheck’s commitment to NVD 1.0 is just one part of our broader vision. We're also focused on facilitating a well-planned migration to NVD 2.0, ensuring that the cybersecurity community is equipped for future challenges.

Get it Today

Learn more about how we're supporting rapid and efficient vulnerability management and get access to the NVD 1.0 database here.

Other Community Platform tier resources we have available include: