A recent rise in software vulnerability exploits has come as the US National Vulnerability Database (NVD), the world’s most comprehensive vulnerability database, experiences its most significant crisis in history.
After the database, run by the US National Institute of Standards and Technology (NIST), experienced a vulnerability enrichment slowdown in mid-February 2024, experts working in software security have told Infosecurity that it has stopped showing new vulnerabilities since May 9.
Cybersecurity professionals from the public and private sectors are trying their best to document the three-month-long vulnerability backlog and fill the gaps where they can.
Three Months of Vulnerability Backlog
Since issues with vulnerability enrichments first emerged on February 12, NIST has analyzed only 4,524 of the 14,286 common vulnerabilities and exposures (CVEs) received so far this year.
Having so many unanalyzed vulnerabilities means attackers have an opportunity to exploit them.
Speaking to Infosecurity at the RSA Conference, Immanuel Chavoya, CEO and Founder of RiskHorizon.ai, said he observed that vulnerabilities that have not yet been fully processed by the NVD were being actively exploited in the wild.