news
Standards/Consortia: NIST and More
-
CoryDoctorow ☛ Pluralistic: Georgia’s voting technology blunder (18 Apr 2026)
Once the voting machine reps were around a table at IEEE – largely sheltered from antitrust scrutiny thanks to the broad latitude enjoyed by firms engaged in standardization, which is otherwise uncomfortably close to collusion – they admitted what everyone already knew: there was zero chance they were going to develop a new standard in time for the election.
Instead, they decided they were going to publish a "descriptive standard." Rather than designing a new standard, they'd write down the specs of their own products – the same products that were considered so defective they needed to be replaced before the election – and call that the standard.
-
Dark Reading ☛ How NIST's Cutback of CVE Handling Impacts Cyber Teams
The chilly air-conditioned Scottsdale ballroom hardly stirred while Harold Booth, program manager for NIST's National Vulnerability Database (NVD), discussed a major operational change — his organization is scaling back its operations and will prioritize which CVEs are chosen for enrichment, rather than taking them all on.
-
Dark Reading ☛ NIST Revamps CVE Framework, Focus on High-Impact Vulnerabilities
The National Institute of Standards and Technology (NIST) is changing its criteria for determining which software flaws fall under its Common Vulnerabilities and Exposures (CVEs) framework, citing challenges in keeping up with an ever-increasing volume of vulnerabilities.
-
RiskyBiz ☛ Risky Bulletin: NIST gives up enriching most CVEs
The US National Institute of Standards and Technology announced on Wednesday a new policy regarding the US National Vulnerability Database, which the agency has been struggling to keep updated with details for every new vulnerability added to the system.
Going forward, NIST says its staff will only add data—in a process called enrichment—only for important vulnerabilities.
This will include three types of security flaws, which the agency says are critical to the safe operation of US government networks and its private sector.
-
Maury ☛ Taking down my site on purpose
To help break out of this cycle, I've decided to remove IPv4 support on my site. Cutting off most of my readers is a bit hash, so it'll only be disabled for one day each month:
The 6th will now be IPv6 day.
Any attempts to access my site over IPv4 will yield a message telling you that your network still doesn't support a 30 year old standard. If you really want to access my site during the sixth, use your phone. All major cell carriers have long since caught up with the times (because giving each device it's own address improves performance).
-
Matt Stein ☛ Hand-Drawn Favicons
I went to design school so we should probably be expecting me to come up with more sophisticated and polished work—but in this case I don’t really care. It’s fun to draw and keep something simple enough that it’s legible at a tiny size.