VulnCheck NVD++ Reduces the Industry’s Dependence on NIST for Reliable and Performant Access to CVE Data

LEXINGTON, Mass.: VulnCheck, the exploit intelligence company, today announced it will provide its Community members access to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) 2.0 data via API. The VulnCheck Community is open and free to join, with a growing set of resources for managing vulnerability prioritization and risk. VulnCheck NVD++ is the latest addition, providing members with a stable, high-performance source of NVD 2.0 CVE data via API or downloadable JSON files, as well as the ability to access NVD 1.0, which is also maintained under VulnCheck NVD++.

“The NIST NVD 2.0 API frequently fails to respond or otherwise drops requests, which can be a major problem for organizations that integrate their vulnerability processes with it,” said Anthony Bettini, founder and CEO at VulnCheck. “The issues make sense as it's a best-effort free source from the government. However, given these challenges and concerns around future maintenance of the NVD, our newly-available database and APIs solve the need for publishing data at a higher velocity and reduce the industry’s reliance on NIST for timely data. This is VulnCheck’s first step in solving these challenges associated with the NVD.”

Vulnerability management, threat detection and response, and other cybersecurity teams rely on NIST's NVD 2.0 APIs to integrate intelligence into their security tools for prioritizing patching and remediation of known vulnerabilities. API unresponsiveness and dropped requests put this dependency at risk and negatively impact downstream security workflows. VulnCheck NVD++ solves these challenges with a reliable, persistent connection to our Community NVD 2.0 API that operates at machine speed. VulnCheck is committed to maintaining access to NVD 2.0 and 1.0 data with our complementary Community API.

“There’s been a lot of discussion and frustration around issues with NVD,” said Thomas Pace, co-founder and CEO at NetRise. “While NIST says it's establishing a consortium to address these challenges, the community at large would benefit greatly by moving this repository to the private sector and running it like an open-source project. VulnCheck is positioned perfectly to answer that call.”

VulnCheck NVD++ is the latest addition to its Community resources to serve security teams and practitioners. In December 2023, VulnCheck announced its first Community resource: perpetual support and maintenance of the NIST NVD 1.0 API, ahead of the migration deadline. VulnCheck NVD++ bundles the 2.0 API with the previously released 1.0 API, including downloadable JSON backup files for each, into a single resource.

Last month, the company unveiled the VulnCheck Known Exploited Vulnerabilities (KEV) catalog, providing security teams and threat detection engineers with advanced intelligence on vulnerabilities that have been exploited in the wild to better manage threats, solve the prioritization challenge and outpace adversaries.

For more information on VulnCheck’s open-source database and other Community offerings, visit https://vulncheck.com/community.

About VulnCheck

VulnCheck is the exploit intelligence company helping enterprises, government organizations, and cybersecurity vendors solve the vulnerability prioritization challenge. Trusted by some of the world's largest organizations responsible for protecting hundreds of millions of systems and people, VulnCheck helps organizations outpace adversaries by providing the most comprehensive, real-time vulnerability intelligence that is autonomously correlated with unique, proprietary exploit and threat intelligence. Follow the company on LinkedIn, Mastodon, or X. To learn more about VulnCheck, visit https://vulncheck.com/.

Fonte: Business Wire