Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Final Group Post - CVE List Authorized Data Publisher (ADP) Support

957 views
Skip to first unread message

nvd-news

unread,
Nov 15, 2024, 1:24:04 PM11/15/24
to nvd-news

NVD Technical Update - CVE List Authorized Data Publisher (ADP) Support

We are moving communications to a new system, there will no longer be updates from this google group. Please make sure to check out https://www.nist.gov/itl/nvd and subscribe to the GovDelivery lists!

We plan to deploy changes to our systems the week of November 18th. After this is complete, NVD systems will begin ingesting supported datatypes within the CVE List from all sources (CNAs and ADPs). 

What does this mean?
CVE records within the NVD dataset will contain more information (Reference(s), CWE, and CVSS) from additional sources. This new information will be displayed on the website and in the API responses, attributed to the organization who contributed the information. More information regarding ADPs can be reviewed at https://www.cve.org/ProgramOrganization/ADPs.

Downstream data consumers will notice a large shift in the volume of CVE Record modifications as part of this change. Going forward, organizations should expect CVE records to update at a higher frequency.

Other relevant changes:
Duplicate References and Reference Tags
As part of NVD enrichment efforts, reference tags are associated with each reference provided by a specific source. In instances where the same reference is provided by multiple sources, any reference tags associated to an existing reference will be applied to the newly provided, duplicate reference automatically.

Changes to NVD CVE Record Change History

  • Event Names are now more consistently ordered when they are recorded at the same timestamp.
  • Event Content (Actions and Change Types) will now be more consistently ordered.
  • Reference and Reference Tag (Type) changes will now be audited separately across all cases.
  • “CVE Received” Events will be re-labeled as “New CVE Received”.  Using the “CVE Received” eventName parameter for the /cvehistory/ API will still return the appropriate results.

CVE API and Vulnerability Search Impacts
Due to upstream removal of data points used by the NVD systems, the following parameters will no longer filter search results. These options will be removed in a future release.

  • CVE API: HasCertAlerts, HasCertNotes, HasOval
  • Vulnerability Search:  US-CERT Technical Alerts, US-CERT Vulnerability Notes, OVAL Queries

Legacy Data Feed Files (1.1 JSON)
While the json data provided by the 2.0 API will reflect the ADP updates immediately, the legacy data feed file updates will be staggered over a series of days.


For additional questions or concerns, please reach out to n...@nist.gov!

Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages