home.social

#nist — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #nist, aggregated by home.social.

  1. Resulting from funding gaps and idiotic shifts in priorities the U.S.A. is now woefully underinvesting in our core CyberDefense Ecosystem....

    National Institute of Standards and Technology (NIST) is no longer enhancing all Common Vulnerabilities and Exposures (CVEs) with analysis and severity indicators, and instead NIST will prioritize enriching a much narrower set of security vulnerabilities.

    Related: In April 2025, a funding gap in DHS appropriations threatened to cease CVE operations entirely, which would have created systemic risk for global vulnerability management. An emergency funding extension was implemented to avoid a full-on crisis. justsecurity.org/136914/nist-c #NIST #MITRE #CVEs #NVD #Security #Risk #CyberSecurity #CyberDefence #CyberInfrastructure #AI #AISecurity #CISA #DHS #Vulnerability #ThreatIntelligence

  6. NIST’s selective NVD enrichment is a big wake-up call for AppSec teams: more CVEs, less context, and more manual triage ahead. jpmellojr.blogspot.com/2026/05 #NVD #CVE #NIST #AppSec

  7. Weekend Reading from TechAptitude!

    Get to know new Cryptography Standards (FIPS 20-3, FIPS 204, FIPS 205, FIPS 206) developed by NIST to withstand quantum attacks and prevent the so-called “Q-Day”. Q-Day is an estimate of the point in time when quantum computers will be able to reliably break existing RSA-2048 cryptography. techaptitude.substack.com/p/qu #PQC #NIST #Cryptography #Q_Day #PostQuantumCryptography #Quantum #Encryption #CryptographyAlgorithms #TechAptitude

  8. A new experiment deepens the physics mystery over “big G” Last month, a NIST team published a 10-year study to measure "big G," the gravitational constant. It didn't settle the debate, but rather revealed what everyone should consider. bigthink.com/starts-with-... #physics #NIST #G


  9. #CyS #NIST
    NIST SP 800-82r3 is a good read and excellent starting point when it comes to OT cyber security

    csrc.nist.gov/pubs/sp/800/82/r

    on page 19
    OT security objectives typically prioritize integrity and availability, followed by
    confidentiality, but also must consider safety as an overarching priority.
    Possible incidents that an OT system may face include:
    • Blocked or delayed flow of information through OT networks, which could disrupt OT
    operation, including loss of view and loss of control

  10. I am looking for a few more US-based early adopters to provide feedback on a protective DNS service offering aligned with NIST SP 800-81 Rev. 3 (March 2026).

    csrc.nist.gov/pubs/sp/800/81/r

    This service merges Zero Trust and DNS without requiring client-side agents. Supports mobile devices, browsers, server hardware & IoT.

    If you're interested in providing feedback on this service as a free beta tester, email me at:

    [email protected]

  11. I am worried that the announcement of NIST to drastically reduce the enrichment of CVEs might impact us more than we realize. The question now becomes how organizations handle the upcoming blind spots in their CVE coverage.

    Source: nist.gov/news-events/news/2026

    #cybersecurity #nist #cve #security #infosec #vulnerability

  12. All the details that you could want on writing with SI metric system units.
    Because for us Americans, this is some weird shit.

    nist.gov/pml/owm/writing-si-me

    #Metric #HamRadio #NIST

  13. Introduction to the NIST Risk Management Framework:

    This post covers:
    • What the NIST RMF is and why it matters
    • The seven steps of the framework
    • How it fits into a broader security program

    Read here: graylog.org/post/an-introducti

    #Cybersecurity #NIST #RiskManagement #Compliance #RMF

  14. #Cybersecurity overload: #AI overload has reached #NIST too, with a 263% rise in reports. It has therefore decided to maintain IT #vulnerabilities only according to a risk-based model.

    That means: since mid-April, #CVE entries are fully enriched with detailed information and risk ratings only if they are particularly critical. Everything else now ends up, unassessed, in the "lowest priority" category:

    nist.gov/news-events/news/2026

  15. ⚠️ Risky Bulletin: NIST gives up enriching most CVEs - Risky Business Media

    「 NIST says its staff will only add data—in a process called enrichment—only for important vulnerabilities.
    This will include three types of security flaws, which the agency says are critical to the safe operation of US government networks and its private sector. 」

    risky.biz/risky-bulletin-nist-

    #cybersecurity #nist #cve

  16. Design by Contract in the AI era: how Meyer's contracts protect cryptography where tests are silent

    Meyer's Design by Contract did not take off in 1986 because of the double work. An AI agent removes the second half. I built a PKI system with a hardware TRNG, formal contracts on the cryptography and an open repository to prove it.

    habr.com/ru/articles/1025244/

    #Design_by_Contract #PKI #cryptography #AI #TRNG #NIST #embedded #contracts #security

  17. NIST has confirmed a major policy shift, drastically reducing its CVE enrichment efforts and focusing only on critical vulnerabilities like those in CISA's KEV catalog. This move, driven by an overwhelming backlog and budget cuts, means security teams can no longer depend on the NVD as a single source of truth, forcing a re-evaluation of vulnerability management strategies and skepticism towards…

    tpp.blog/1f95u2a

    #cybersecurity #nist #nvd

    🤖 This post was AI-generated.

  18. 🚨 Breaking: #NIST throws in the towel on enriching CVEs! 🎉 Because, why bother making #vulnerabilities understandable when we can just drown 'em in alphabet soup? 🍜💻 Clearly, "keep it simple" is a foreign concept. 🙄
    risky.biz/risky-bulletin-nist- #CVE #simplification #tech #news #cybersecurity #humor #HackerNews #ngated

  19. «NIST: analysis of @CVE_Program restricted after 263% increase:
    The US National Institute of Standards and Technology (#NIST) can no longer keep up with the flood of new security #vulnerabilities. From now on, only critical and actively exploited #vulnerabilities (#CVE) will be enriched in detail»

    Not only is AI-assisted hacking on the rise; above all, #AI-generated bug reports filed to swindle a payout have also increased massively.

    😒 it-daily.net/shortnews/nist-si

  20. NIST Curtails CVE Enrichment Amid Vulnerability Surge

    The National Institute of Standards and Technology (NIST) is overhauling its approach to enriching entries in the National Vulnerability Database (NVD) due to a staggering 263% surge in vulnerability submissions. To keep pace, NIST will now prioritize enrichment for only the most critical entries that meet specific conditions.

    osintsights.com/nist-curtails-

    #VulnerabilityManagement #Nist #NationalVulnerabilityDatabase #Nvd #Cve

  21. 📰 NIST Overhauls NVD, Will No Longer Enrich All CVEs Amidst 'Unsustainable' Surge in Reports

    Major shift for vulnerability management: NIST will no longer enrich all CVEs in the NVD due to overwhelming volume. 📢 Focus will be on critical & exploited flaws. Time to re-evaluate your VT processes! #NIST #NVD #CVE #CyberSecurity

    🔗 cyber.netsecops.io/articles/ni

  22. NIST Shifts Focus to Enriching Exploited Vulnerabilities

    The National Vulnerability Database is shifting gears: going forward, it'll prioritize enriching newly reported and actively exploited vulnerabilities, temporarily deprioritizing older entries. This change comes as the database faces an unprecedented surge in reported software flaws, with a record number of Common Vulnerabilities and…

    osintsights.com/nist-shifts-fo

    #Nist #NationalVulnerabilityDatabase #Nvd #Cve #ExploitedVulnerabilities

  24. Well, NIST has decided, as of today, to enrich only the vulnerabilities in the KEV and in critical software, in order to focus the quality of its work on flaws with high potential impact.
    The rest will still be tracked but not enriched, and ultimately deprived of the much-discussed CVSS severity score
    👇
    nist.gov/news-events/news/2026

    Fun fact: Vulnerability-Lookup, and therefore also the Global CVE Allocation System (GCVE), has automated this time-consuming severity-assessment task using a model trained on historical data, with an estimated accuracy of 82.9%.
    👇
    vulnerability-lookup.org/files
    👇
    arxiv.org/abs/2507.03607

    #CyberVeille #NIST

  25. NIST Refocuses CVE Analysis Amid Vulnerability Surge

    The National Institute of Standards and Technology (NIST) has adjusted its approach to vulnerability analysis, now prioritizing critical software, government systems, and actively exploited vulnerabilities amid a surge in reported threats. This strategic refocus aims to optimize its National Vulnerability Database's impact in a threat landscape…

    osintsights.com/nist-refocuses

    #VulnerabilityAnalysis #Nist #NationalVulnerabilityDatabase #Nvd #Cve

  26. MD6 - The Failed SHA-3 Hash You Likely Never Heard Of

    While MD6 never made it into NIST as SHA-3, it has recently made its way into a few hash cracking contests.

    After a suggestion from Vavaldi from HashMob to add MD6 support to hashgen, I began working on a Pure Go MD6 port. Once that was complete, I added support for 5x common MD6 digest sizes to hashgen.

    MD6 - Pure Go port
    github.com/cyclone-github/md6

    hashgen v1.3.1 - MD6 support
    github.com/cyclone-github/hash

    #md6 #nist #sha3 #hashcracking #hashgen #cmiyc #ctc #golang #port

  27. New #openaccess publication #SciPost #Physics #Codebases

    QDFlow: A Python package for physics simulations of quantum dot devices

    Donovan L. Buterakos, Sandesh S. Kalantre, Joshua Ziegler, Jacob M. Taylor, Justyna P. Zwolak

    Paper:
    SciPost Phys. Codebases 65 (2026)
    scipost.org/SciPostPhysCodeb.6

    QDFlow-v1.0:
    SciPost Phys. Codebases 65-r1.0 (2026)
    scipost.org/SciPostPhysCodeb.6

    #NIST #UMCP #SU #AxI

  32. It has been clear since at least 2015 that #SHA1 is broken
    Since 2022, #NIST has said that SHA1 should not be used
    Since 2025, it has been announced that #Debian will no longer accept SHA1 from February 2026.

    And now guess who is still using SHA1 on the deadline, and whose software can therefore no longer be installed/updated.

    - Microsoft #Azure
    - #Ubiquity
    - Parts of #NodeJS

    In other words, the areas in which security obviously has no relevance whatsoever.

  33. It is a matter of time before Quantum Computing gains the ability to crack today’s core public key encryption methods.

    Our latest post on TechAptitude outlines the efforts by NIST to generate new cryptography standards to help withstand future quantum powered cyber attacks. Check it out!

    techaptitude.substack.com/p/qu #Cryptography #Quantum #QuantumTechnology #QuantumComputing #NIST #FIPS #CodeBreaker #Encryption #QDay #PQC #PostQuantumCryptography #Passwords #Ciphers #Algorithm #TechAptitude

  34. The good news: the solutions already exist. In 2024, #NIST (#National #Institute of #Standards and #Technology) finalized its first three #post-#quantum (#PQC) standards: #ML-#KEM for key encapsulation, #ML-#DSA and #SLH-#DSA for #signatures.