NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great

Submitted by Style Pass, 2024-10-03 15:30:05

NIST has made some progress clearing its backlog of security vulnerability reports to process – though it's not quite on target as hoped.

The US government standards body just blew its self-imposed September 30 deadline to bring the speed at which its National Vulnerability Database (NVD) processes new flaws up to its pre-February rate, following a decline in output this year.

Patrick Garrity, of infosec intelligence outfit VulnCheck, pored over the CVE-labeled bugs successfully analyzed by the NVD between February 12 and September 21, and reported "mixed" results.

NIST didn't respond to The Register's questions about its growing accumulation of vulnerabilities or VulnCheck's study, and we will update this story if we receive word from the US agency.

According to Garrity: As of September 21, NVD still has 18,358 CVEs (72.4 percent of new reported vulnerabilities) that need to be analyzed. At the time of publication, the number has dropped slightly to 17,873. NIST updates these numbers daily, and they are all available via the NVD dashboard.
