Although NIST was concerned in 2007 about the SHA-2 algorithm being vulnerable, based on attacks on some of the variants, its worries turned out to be unfounded. Today, NIST maintains that SHA-2 is secure for everyday use. In fact, Polk cautioned that those still using SHA-1 for digital signatures should not wait to upgrade to SHA-3, because there are no commercial versions of the new hash algorithm yet. SHA-2 is perfectly secure, he said.
In fact, critics have questioned the need for SHA-3 at all, at least for the immediate future.
"When we started this process back in 2006, it looked as if we would be needing a new hash function soon," noted security expert Bruce Schneier wrote in a blog post. Schneier authored one of the five finalists in the competition. "We didn't know how long the various SHA-2 variants would remain secure. But it's 2012, and SHA-512 is still looking good."