News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | NIST's National Vulnerability Database Faces Delays

I spotted this in Dark Reading and wanted to highlight it.  The National Vulnerability Database (NVD) operated by NIST has experienced a significant slowdown, leaving many vulnerabilities without essential metadata. This has raised concerns among security experts and enterprise security managers who rely on the NVD for threat information. MITRE, the contractor responsible for CVE collection, has also faced criticism for not addressing the issue. The NVD freeze poses challenges for patching vulnerabilities and may give bad actors more time to exploit enterprise networks.

So, I’ll pair that with coverage about CISA’s budget requests.   The Cybersecurity and Infrastructure Security Agency (CISA) is planning to increase staff and implement technology upgrades to support the new cyber incident reporting rules. The agency is requesting a budget of $116 million in fiscal 2025 for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) program, which includes hiring 122 full-time employees. CISA also aims to roll out significant technology enhancements, such as an unclassified ticketing system and an incident reporting web app. CIRCIA aims to provide earlier insights into cyber attacks on critical infrastructure entities and coordinate responses. The regulations require crucial infrastructure operators to report cyber incidents to CISA within 72 hours.

While I’m covering these moves, The General Services Administration (GSA) has issued a new acquisition letter to make buying cloud services more accessible for agencies. The letter allows contracting officers to use upfront payments for software-as-a-service (SaaS) without violating federal procurement law. The GSA’s changes aim to enhance competition and drive better pricing, mainly benefiting small businesses. However, an amendment to the Anti-Deficiency Act is still needed to allow industry billing in arrears for cloud services on a consumption basis.

Why do we care?

There’s a lot about funding here.    If you value their capabilities, NIST and CISA need to be funded.   Both of these services are bedrock services for delivering cybersecurity.  

 

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories