Below are some questions that sometimes come up when folks first learn about sourcing the NIST NVD from VulnCheck.
The NIST National Vulnerability Database (NVD) is a vulnerability database maintained by the National Institute of Standards and Technology (NIST). However, consuming the NVD from NIST has been challenging for some organizations.
NVD++ is the latest addition to the VulnCheck Community resources to serve security teams and practitioners. In December 2023, VulnCheck announced its first Community resource: perpetual support and maintenance of the NIST NVD 1.0 offline backups, ahead of the migration deadline. NVD++ bundles the 2.0 API with the previously released 1.0 API, including downloadable JSON backup files for each, into a single resource.
Many organizations' first experience with the NIST NVD was via the NIST NVD 1.0 offline backups (bulk data downloads). Many organizations wrote integrations against these data downloads, which NIST subsequently stopped producing.
After NIST stopped producing NVD 1.0 offline backups, NIST required people to migrate to the NVD 1.0 API. However, on December 15, 2023, this NVD 1.0 API was itself deprecated.
With NVD 2.0 from NIST, the offline backups were never resurrected, and the NVD 2.0 API from NIST frequently has timeouts or 503 Service Unavailable errors. In early 2024, NIST posted a rather disconcerting message on their website, https://nvd.nist.gov, which made some folks in the cybersecurity community concerned about NIST's continued involvement in NVD. VulnCheck was one of these concerned organizations, and we felt ready to start helping the community that we're all part of.
Sign up for a free VulnCheck Community account on https://vulncheck.com.
It's free! We only ask for prominent attribution to VulnCheck.
VulnCheck Community includes two (2) versions of NVD++. These include:

| Index | Source | Description |
|---|---|---|
| nist-nvd2 | NIST | NVD 2.0 |
| nist-nvd | NIST | NVD 1.0 generated from NVD 2.0; unlike NIST, supported indefinitely |

VulnCheck Exploit & Vulnerability Intelligence includes four (4) versions of NVD. These include:

| Index | Source | Description |
|---|---|---|
| vulncheck-nvd2 | VulnCheck | NVD 2.0 with VulnCheck extensions (more fields and earlier data) |
| vulncheck-nvd | VulnCheck | NVD 1.0 with VulnCheck extensions (more fields and earlier data) |
| nist-nvd2 | NIST | NVD 2.0 with an SLA |
| nist-nvd | NIST | NVD 1.0 with an SLA generated from NVD 2.0; unlike NIST, supported indefinitely |

NVD++ from VulnCheck represents less than one-tenth of 1% of our commercially available Exploit & Vulnerability Intelligence product.
Below are some of the features of VulnCheck Exploit & Vulnerability Intelligence, which are not included in NVD++ from VulnCheck: