As of September 21, NVD still has 18,358 CVEs (72.4 percent of new reported vulnerabilities) that need to be analyzed. At the time of publication, the number has dropped slightly to 17,873. NIST updates these numbers daily, and they are all available via the NVD dashboard.
But a significant backlog remains,” Garrity said in his analysis published on Monday, the day of NIST's previously stated deadline. This points to ongoing challenges NIST faces in managing its security vulnerability processes.
the backlog adds risk to an already challenging cybersecurity landscape,” said Jason Soroko, senior fellow at Sectigo. This emphasizes the potential consequences of NIST's delay on broader security measures.
NIST didn’t respond to The Register’s questions about its growing accumulation of vulnerabilities nor VulnCheck’s study, illustrating a troubling lack of communication regarding the status of this critical issue.
Collection
[
|
...
]