Risky Bulletin Newsletter
July 31, 2024
Risky Biz News: NVD backlog unlikely to get addressed by September
Presented by

News Editor
New numbers released at the end of last week suggest that US NIST is unlikely to make any significant progress in addressing a backlog of unprocessed vulnerabilities at the National Vulnerability Database (NVD).
The backlog began in February when NIST analysts slowed down the rate at which they were processing and enriching NVD entries, releasing many CVEs with little to no information about the nature of the security flaw, severity scores, and fixed or vulnerable software versions.
The slowdown had a major impact on the vulnerability management section of the cybersecurity community, which was relying on these entries to help inform customers about which bugs to patch first.