1 Chief Technology Officer at CQR Cybersecurity.
2 Senior Penetration Tester.
Received on 20 June 2024; revised on 27 July 2024; accepted on 29 July 2024
Identifying vulnerabilities is effective against potential attacks only if it is accurate and timely. The Common Vulnerabilities and Exposures (CVE) system, that is, the system owned by the National Institute of Standards and Technology (NIST), is an anchor for the identification and tracking of vulnerabilities on a global scale. Modern vulnerability scanners, though based on CVE data, have many drawbacks because of inconsistencies and incompleteness in the CVE reporting formats, namely the NIST University format. This research takes a critical look at these limitations, identifying problem areas such as non-standardized data, false positives and negatives, and trivial CVE assignments that diminish scanner effectiveness. The study compares several tools for vulnerability assessment and examines current mechanisms for real-time CVE tracking in light of numerous recommendations to improve standardization and cooperation, for greater usefulness and accuracy of vulnerability detection in academic research and real-world cybersecurity operations.
Vulnerability scanners; CVE system; Data standardization; Real-time tracking; Vulnerability detection; Scanner interoperability
Bogdan Barchuk and Kyrylo Volkov. Limitations of modern vulnerability scanners and CVE Systems. World Journal of Advanced Engineering Technology and Sciences, 2024, 12(02), 973-989. Article DOI: https://doi.org/10.30574/wjaets.2024.12.2.0348