The National Vulnerability Database's backlog of unanalyzed vulnerabilities continues to grow, with new estimates suggesting it could reach nearly 30,000 by the end of 2024.
The National Vulnerability Database (NVD), maintained by the National Institute of Standards and Technology (NIST), is the United States’ official repository for common vulnerabilities and exposures. Many scanners, analysts, and vendors depend on the NVD to determine what software has been affected by a vulnerability. When vulnerabilities are not added to the database in a timely manner, enterprise defenders are less able to prioritize the vulnerabilities that need immediate patching or to identify issues that affect multiple applications.
NVD currently has a backlog of 16,974 vulnerabilities and receives, on average, about 111 additional security flaws daily. Data from Fortress Information Security suggests that analysts would need to process more than 217…