As the agency’s vulnerability database buckles under a flood of submissions, it’s planning to shift some responsibilities to other parties.

A new service, the Global Cybersecurity Vulnerability Enumeration (GCVE), offers an alternative to the US-led CVE ...

The EU has launched a new alternative to the US-led CVE vulnerability database, offering European security teams a decentralized backup amid funding and continuity concerns.

If you think SAST and SCA are enough, you’re already behind. The future of app security is posture, provenance and proof, not alerts.

By the time of CVE's launch, ISS (later acquired by IBM) maintained a fully public VDB, as of August 1997. A company I helped found, Repent Security Inc., also offered a commercial subscription to a ...

Microsoft released patches for CVE-2026-21509, a new Office zero-day vulnerability that can be exploited to bypass security features.

MITRE loses its lead as the top reporter of vulnerabilities, while new organizations pump out CVEs and reported bugs in ...

Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability.

Expert insights on information sharing - what is happening now and preparing cybersecurity leaders for what lies ahead.

Corporations across the globe are facing a dynamic risk environment, as AI adoption surges with few guardrails, business ...

This position is part of the National Institute of Standards and Technology’s (NIST) Professional Research Experience Program (PREP). NIST recognizes that its research staff may wish to collaborate ...