nvd
Safeguard articles tagged "nvd" — guides, analysis, and best practices for software supply chain and application security.
18 articles
Why Snyk's vulnerability database often reports issues be...
NVD's CVE enrichment pipeline has a well-documented backlog since 2024. Here's the mechanical reason Snyk's database often shows vulnerabilities weeks earlier.
NIST NVD Recovery: The New Consortium Reshaping Vulnerability Data
After months of processing backlogs and community frustration, NIST announces a new consortium to modernize and sustain the National Vulnerability Database.
The National Vulnerability Database: How to Actually Use It
The National Vulnerability Database is the US government's CVE repository — here's how to search it, read its CVSS scores, and use it in a real workflow.
NIST NVD Slowdown: What the Vulnerability Enrichment Backlog Means for Security Teams
NIST's National Vulnerability Database nearly stopped enriching CVEs in early 2024, creating a growing backlog that left security teams without the severity scores and metadata they depend on.
OSV Schema: The Open Source Vulnerability Database Format Explained
OSV provides a standardized format for vulnerability data that is purpose-built for open-source ecosystems. Here is how it works and why it is better than NVD for dependency scanning.
CPE Naming Convention and the Vulnerability Matching Problem
CPE is the backbone of NVD vulnerability matching, and it is deeply flawed. Understanding its limitations is essential for accurate vulnerability management.