- 2,100+ CVEs went unenriched in early 2024.
- Backlog hit nearly 30,000 CVEs by December 2024.
- MITRE assigned 48,000+ new CVEs last year.
NIST halted enrichment of most CVEs in its NVD by December 2024. The agency's dashboard shows backlogs swelling from 2,100 in early 2024 to nearly 30,000. MITRE assigned over 48,000 new CVEs last year (NIST NVD Dashboard).
Nigerian fintech firms and NITDA regulators now face intelligence gaps. NVD data drives security tools and NITDA compliance in Nigeria's $2 billion sector.
Teams shift to CISA's KEV catalog for exploited vulnerabilities (CISA KEV).
NVD Enrichment Halt Strains NITDA Compliance
MITRE assigns CVE IDs (MITRE CVE Assignment). NIST previously provided CVSS scores and references for prioritization.
Flutterwave's Chinasa Uche, Head of Security, told Technology Times: "NVD gaps delay NITDA cybersecurity compliance and NDPA data protection." Nigeria's fintech handles 1.5 billion NGN transactions yearly.
Mandiant's M-Trends 2024 report notes pro-Russian hacktivists exploited unpatched flaws at a Swedish power plant. NITDA alerts highlight similar grid risks in Nigeria.
NIST Cites CVE Surge for Policy Shift
NIST announced the change after its January 2024 meeting. Over 48,000 annual CVEs overwhelmed resources, per agency statements.
Sooraj Shah, CEO of Aikido Security, told Risky Business: "No single source of truth exists now. One database limits coverage" (Risky Business).
Nigeria's National Cybersecurity Policy 2021 ties to global standards, but U.S. shifts challenge NITDA.
Unenriched CVEs Slow Nigerian Audits
Nigeria lacks local CVE databases. NITDA requires NVD data for NDPA software certification.
Lagos developers report audit delays. South Africa's ICASA and Kenya's CA face parallel issues.
CISA KEV covers only exploited bugs. Nigerian banks demand full data post-2024 hacks.
Flutterwave processes NGN 1.5 trillion yearly; gaps extend exposure.
NITDA Builds Local Threat Intelligence
CcHUB scans open-source code with NVD feeds. Tiny libraries hide CVEs sans metadata.
Kashifu Inuwa Abdullahi, NITDA DG, said at GITEX Africa 2024: "We build local databases against disruptions like NIST's CVE policy shift."
Lagos averages 4-6 hours daily power; high bandwidth costs widen risks (World Bank Nigeria Data).
African Strategies Counter NIST CVE Policy Shift
NITDA's Cybersecurity Centre monitors NVD daily. Leaders push diversification.
EU's ENISA enriches CVEs via NIS2. Nigeria eyes MITRE ties and Google's OSV.
Kenya's CA mandates local scans; South Africa tests ICASA databases.
Path Forward for Nigerian Cybersecurity
NITDA advances local platforms and OSV adoption. Developers adopt multi-tool workflows.
Backlogs raise exploit risks in fintech hubs. NITDA refines standards despite the NIST CVE policy shift.
Frequently Asked Questions
What is NIST's CVE policy shift?
NIST deprioritizes NVD enrichment for most CVEs, leaving 30,000+ without metadata like CVSS scores. Decided post-January meeting amid backlogs.
How does the NIST CVE policy shift affect Nigeria?
NITDA relies on NVD for NDPA compliance. Unenriched CVEs slow Nigerian fintech threat responses and software audits.
Why did NIST halt CVE enrichment?
48,000+ annual CVEs caused backlogs. Resources strained; shift focuses on core roles.
What alternatives replace NVD enrichment?
CISA KEV for exploited bugs, MITRE for numbers, Google's OSV for open-source. Nigeria builds local capacity.
