Alerts Help Agencies Respond to Cybersecurity Vulnerabilities
First are bulletins, also known as security bulletins, which list all vulnerabilities added to the National Institute of Standards and Technology’s National Vulnerability Database (NVD) in the past week. Agencies should review these for a snapshot of the previous week’s new vulnerabilities.
Vulnerabilities are grouped based on their severity — high, medium or low — and are listed within each group alphabetically by vendor and product name. Each entry contains basic information about the vulnerability as well as links to patching information, vendor bulletins and the related NVD entry. NVD grows by numerous vulnerabilities per day, so one weekly bulletin may have more than 100 entries.
Bulletins are probably most useful to an agency’s system administrators and vulnerability management personnel, who have the expertise to scan for new vulnerabilities that might affect them. NVD also offers more detailed, machine-readable data on vulnerabilities.
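The triage described above, as an added example (not code from the article or from NVD): it groups constructed entries into the bulletin's severity bands, sorts each band by vendor and product, and picks out the entries that match a hypothetical agency inventory. The record layout, the CVE-0000 placeholder IDs, the CVSS cut-offs and the extra "unassigned" bucket for entries that have no score yet are assumptions.

```python
# Constructed sample entries (not real NVD data); the IDs are placeholders.
BULLETIN = [
    {"id": "CVE-0000-0001", "vendor": "examplesoft", "product": "mailgate", "cvss": 9.8},
    {"id": "CVE-0000-0002", "vendor": "acme", "product": "router-os", "cvss": 5.3},
    {"id": "CVE-0000-0003", "vendor": "Acme", "product": "firewall", "cvss": 8.1},
    {"id": "CVE-0000-0004", "vendor": "zetacorp", "product": "viewer", "cvss": 2.1},
    {"id": "CVE-0000-0005", "vendor": "examplesoft", "product": "mailgate", "cvss": None},
    {"id": "CVE-0000-0006", "vendor": "acme", "product": "router-os", "cvss": 7.0},
]

# Hypothetical agency inventory of (vendor, product) pairs.
INVENTORY = {("ExampleSoft", "MailGate"), ("acme", "router-os")}


def severity(cvss):
    """Map a CVSS base score to a band (assumed cut-offs: 7.0 and 4.0)."""
    if cvss is None:
        return "unassigned"  # keep unscored entries visible instead of dropping them
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def name_key(entry):
    """Case-insensitive (vendor, product) pair used for sorting and matching."""
    return (entry["vendor"].lower(), entry["product"].lower())


def group_bulletin(entries):
    """Group entries by severity, each group sorted by vendor then product."""
    groups = {"high": [], "medium": [], "low": [], "unassigned": []}
    for entry in entries:
        groups[severity(entry["cvss"])].append(entry)
    for band in groups.values():
        band.sort(key=name_key)
    return groups


def affecting(groups, inventory):
    """Return, per severity band, the IDs of entries for products in the inventory."""
    wanted = {(vendor.lower(), product.lower()) for vendor, product in inventory}
    return {sev: [e["id"] for e in band if name_key(e) in wanted]
            for sev, band in groups.items()}


if __name__ == "__main__":
    for sev, ids in affecting(group_bulletin(BULLETIN), INVENTORY).items():
        print(f"{sev:10} {', '.join(ids) or '-'}")
```

Matching on vendor and product names alone is coarse; a production check would also compare affected version ranges from the machine-readable NVD data.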
The "current activity" content is published several times per week, enabling IT staff to plan vulnerability remediation. These announcements are mostly brief descriptions of patches and other updates that eliminate vulnerabilities in widely used software, with pointers to vendor advisories and bulletins that provide more information.