Announcements
Planned Site Maintenance
Due to scheduled maintenance, account creation for new Community users will be unavailable 11 a.m. Eastern October 23, 2020 – October 24, 2020. We apologize for any inconvenience.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Newcomer III

us-cert bulletins - Department Broken, nothing seems to be assessed and backlog growing.

Recent bulletins seem to have very few if not none of the growing backlog categorized.

 

See for your self at https://www.us-cert.gov/ncas/bulletins/  currently 279 not yet calculated

 

Now if there is a problem here then surely this means your Vendors may not be including these into there detection's thus widening the gap on what gets patched, or at the very least prioritized.

 

Surely this is bad for global security but good for US intel/signals groups having easier targets.

 

Why is the US-Cert the only cert capable of producing these notifications, Why are none of the other Global Certs doing anything similar? 

 

Is the problem is actually upstream with NIST NVD?

 

Anybody know anything different, is this US policy change(making rest of world pay its fair share)??

1 Reply
Highlighted
Community Champion

Re: us-cert bulletins - Department Broken, nothing seems to be assessed and backlog growing.

No further info on the CVE but just as context/an aside VirusTotal did look to reduce the access to less enthusiastic participants.

 

https://www.theregister.co.uk/2016/05/09/security_freeloaders_not_welcome_as_virustotal_gets_tough/

 

https://blog.virustotal.com/2016/05/maintaining-healthy-community.html