NIST is rethinking its role in analyzing software vulnerabilities

As the agency’s vulnerability database buckles under a flood of submissions, it’s planning to shift some responsibilities to other parties.
CU Boulder News & Events

Taxonomy of purposes, methods, and recommendations for vulnerability analysis

"Taxonomy of purposes, methods, and recommendations for vulnerability analysis" Bonham, N., Kasprzyk, J., Zagona, E., (2024) “Taxonomy of purposes, methods, and ...
Nextgov

NIST may not resolve vulnerability database backlog until early 2025, analysis shows

A leading U.S.-managed database of cybersecurity vulnerabilities has a processing backlog so extensive that, at current rates, it likely won’t be cleared up until early 2025, a new analysis shows. The ...
NextBigFuture

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple ...
Dark Reading

Reachability Analysis Pares Down Static Security-Testing Overload

AI assistants are a double-edged sword for developers. On one hand, code-generation assistants have made creating barebones applications easier and led to a surge in code pushed to GitHub. Yet just as ...
Forbes

The Critical Role Of Vulnerability Management In Compliance

Many organizations prioritize compliance, assuming it ensures security—but does it, actually? Vulnerability management should come first, as security is about proactively identifying and mitigating ...
SiliconANGLE

WinRAR vulnerability under active exploitation, warns Google’s Threat Analysis Group

Google LLC’s Threat Analysis Group today warned users of a vulnerability in file archiving and compressing software WinRAR that’s being actively exploited by hacking groups, including allegedly ...