National Vulnerability Database / NVD Delays

Facing unprecedented pressures, the National Vulnerability Database (NVD) is experiencing significant delays in processing vulnerability disclosures, as highlighted in recent discussions at VulnCon 2024.

  • Staffing has not increased in a few years
  • There has been a 3x increase in inbound email notifications
  • Roughly 22% year-over-year growth in volume
  • 300 and growing CNA organizations reporting vulnerabilities
  • There are no magic AI solutions in the works to offload low-effort work

In response, NIST/NVD is actively seeking collaboration with other agencies and the private sector to strengthen the vulnerability management ecosystem.

If your vulnerability management solution relies solely on NVD data, you are in a bit of a pickle. The current initiatives, while necessary, may not quickly resolve the backlog due to the inherent challenges of government-run programs. It might be time to augment your vulnerability solution with a faster and more actionable data feed.