An Overview of the NIST NVD Backlog Debacle

In February 2024, The National Institute of Standards and Technology (NIST) attributed an increase in volume and structural changes in ...

Problems with the NVD started earlier this year, when NIST said it has been having difficulties with updating the vulnerability entries due to ...

The sheer number of reported vulnerabilities also poses a problem for analysis efforts; Flashpoint research found that NIST reported 33,137 ...

With the NVD backlog, they have effectively lost a critical resource, as many vulnerability scanners and other management tools rely on the CPE ...

The National Institute of Standards and Technology is still struggling with a backlog of over 19000 security vulnerabilities in its National ...

The NVD doesn't work properly because the incentives surrounding it produce a quantity over quality problem. The author claims these factors ...

The sheer glut of vulnerabilities that NIST must analyze combined with the agency's resource constraints has created a backlog in the NVD. “Even ...

On February 12, 2024, the NIST National Vulnerability Database (NVD) began slowing the processing and enrichment of new vulnerabilities.

The U.S. National Institute of Standards and Technology (NIST) has managed the NVD since 2000, when it was started as the Internet Category of ...

NIST has made some progress clearing its backlog of security vulnerability reports to process – though it's not quite on target as hoped.

At current rates, nearly 30,000 vulnerabilities filed into NVD will still be awaiting analysis by the end of 2024, and may not be fully ...

Additionally, NIST is collaborating with the Cybersecurity and Infrastructure Security Agency (CISA) to integrate these unprocessed CVEs into ...

"The problem is scale," Soroko says. "NIST is going to open up the program to a consortia of vetted organizations from the industry in order to ...

Staff reassigned to deal with CVE backlog. Other than a short notice advising it was working to establish a new consortium to improve the NVD, ...

Despite the contract to improve processing rates, the outdated NVD infrastructure persists. NIST is working on longer-term modernization plans ...

NIST and the US Cybersecurity and Infrastructure Security Agency (CISA) are fashioning initiatives aimed at addressing the backlog problem. In ...

But in mid-February, important metadata from the NVD was removed and the organization struggled to process waves of new vulnerabilities. NIST ...

The NVD is struggling with a backlog of thousands of unprocessed CVEs, impacting CPE to CVE mappings, and leaving defenders in the dark on ...

Facing a growing backlog of reported flaws, NIST has extended a commercial contract with an outside consultancy to help it get on top of its ...

The National Vulnerability Database is currently suffering from a backlog of nearly 10000 unanalyzed common vulnerabilities and exposures ...