I was hoping to get a blurb or something from Rapid7 about the recent changes announced by NIST earlier this week. I am curious how Rapid7 plans to tackle that either individually, with the vulnerability management consortium (alliance, whatever its called), and so on.
NIST Updates NVD Operations to Address Record CVE Growth | NIST
Criteria from article:
New Prioritization Criteria
Starting on April 15, 2026, we will prioritize the following CVEs for enrichment:
-
CVEs appearing in CISA’s Known Exploited Vulnerabilities (KEV) Catalog
- Our goal is to enrich these within one business day of receipt
-
CVEs for software used within the federal government
-
CVEs for critical software as defined by Executive Order 14028