In February 2024, the security landscape experienced a significant disruption when the analysis of new vulnerability data within the National Vulnerability Database (NVD) ceased. The NVD has long been recognized as a foundational resource, supported by the FDA and relied upon worldwide for identifying and managing security vulnerabilities. This interruption has left thousands of new vulnerabilities unaddressed in most security tools, posing substantial challenges for organizations and security professionals globally. The recent gaps in NVD updates have prompted urgent discussions about the potential short-term disruptions and long-term consequences on vulnerability management.

As the industry grapples with these issues, both the NVD and the Cybersecurity and Infrastructure Security Agency (CISA) have embarked on distinct paths to mitigate the impact. The NVD has increased its capacity to analyze vulnerabilities, yet it struggles to overcome the significant backlog. Concurrently, CISA has launched a new initiative, Vulnrichment, aiming to augment the data from CVE.org. This divergence presents a new landscape in vulnerability management, where access to the most current security data may depend on varying sources.

The Large Language Models (LLM) Approach

Recognizing the urgency of these challenges, our team has conducted an in-depth analysis of vulnerabilities reported up to May 22, 2024. We compared how many of these were processed by the NVD, by CISA, and through our experimental application of Large Language Models (LLMs). Our approach involved fine-tuning an LLM to replicate and possibly enhance the data processing traditionally performed by the NVD. This method has shown promising results, achieving high accuracy using only historical data.

This initiative is part of our interim strategy to bridge the gap until the NVD and CISA can fully address their backlogs — a process that may take several months, if not longer. We are committed to transparency and innovation during this critical period and plan to offer more insights into our LLM-based enhancement as a public service in the upcoming weeks.

What next?

We invite feedback from the cybersecurity community as we refine our LLM-based approach. Our goal is to collaborate and share insights to ensure the highest standards of vulnerability management. Stay tuned for further updates as we continue to explore and refine solutions that uphold the integrity and efficacy of vulnerability management.

Contact us at info@medcrypt.com to provide feedback and learn more. Subscribe to our LinkedIn newsletter to receive more updates and visit us at medcrypt.com.

‍