> Going forward, NIST says its staff will only add data—in a process called enrichment—only for important vulnerabilities.

Now - I am not saying I disagree with everything here, mind you; I guess everyone may agree that CVEs may range in severity. But then the question also is ... what is the point of an organisation that is cut down to, say, handle 1% of CVEs - and ignore the rest? Why have such an organisation then to begin with?

I don't have enough data to conclude anything, but from a superficial glance it kind of seems like trying to cut down on standards or efficiency.

▲

tsimionescu 7 hours ago | parent | next [-]

NIST does many other things in addition to handling the CVE database.

▲

tptacek 6 hours ago | parent [-]

Like producing the world's most premium peanut butter!

https://shop.nist.gov/ccrz__ProductDetails?sku=2387

(The only problem with it is that it's backdoored the NSA.)

▲

prophesi 5 hours ago | parent | next [-]

Assuming this is in reference to the great Veritasium video[0] going over what these reference materials are used for and why they're so expensive.

[0] https://www.youtube.com/watch?v=esQyYGezS7c

	▲	lesuorac 3 hours ago \| parent [-]
		You mean to tell me that the peanut butter at my store has junk besides peanut butter in it? I'm gunna call RFK right now and tell him to fix this!

▲

chuckadams 3 hours ago | parent | prev [-]

https://shop.nist.gov/ccrz__ProductDetails?sku=2782&cclcl=en...

Who doesn't love a jar of Industrial Sludge?

▲

dragonwriter 6 hours ago | parent | prev [-]

> but from a superficial glance it kind of seems like trying to cut down on standards or efficiency.

That's kind of the norm in the current US administration, so it shouldn't be surprising.