The website of the
National Vulnerability Database (NVD) remains down today, six days after malware was reportedly found on its servers.
Since March 8, users trying to reach NVD’s site have been redirected to a “Site/Page Not Available” announcement, coupled with a note that the site has “experienced an issue with its Web Services and is currently not available.” The website, hosted by the beltway-based National Institute of Standards and Technology (NIST) lab has long served as a repository for vulnerability management data and software flaw reporting.
The news was broken when Kim Halavakowski, chief security officer for a Finnish bank, emailed NVD about the outage after attempting to find some vulnerability information. NIST Director of Public Affairs Gail Porter responded with an email and said the NVD took its “public-facing” website down after malware was found on two NIST web servers last week and that while it’s working as quickly as it can to get the website back up, the group doesn’t know when exactly that will be..
Halavakoski broke the news when he reposted Porter’s email on
his personal Google+ page: “On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability,” Porter wrote.
