Selective NVD enrichment: Why it matters

NIST announced it will selectively enrich CVEs in the NVD only for items in CISA’s KEV, federal-use software, or EO 14028–defined critical software; the article explains how that change—driven by a surge in CVE submissions and AI-assisted reports—will create backlogs, increase manual analysis, produce data quality variability, and widen blind spots in supply-chain and SaaS ecosystems, urging organizations to adopt additional prioritization, exploitability metrics, and advanced tooling.