
US government report slams NIST for NVD backlog
A report from the US Commerce Department’s inspector general blames the National Institute of Standards and Technology (NIST) for the ever-growing backlog of vulnerabilities awaiting inclusion in the National Vulnerability Database (NVD). But cybersecurity practitioners say that the backlog, although very real, has been building for years, and that the government is doing little to help.
NIST defenders point to budget cuts that have made its mission far more difficult. And a potentially bigger issue is that the nature of vulnerability identification and patching has changed sharply over the last two years, via genAI developments that have dramatically increased the number of vulnerabilities disco...