NIST’s vulnerability database logjam is still growing despite attempts to clear it

Vulnerability submissions increased 32% in 2024, NIST said. The agency is considering machine learning to automate certain vulnerability analysis tasks.

Despite goals set last year by the National Institute of Standards and Technology to process a backlog of unanalyzed cybersecurity vulnerabilities, the agency said it’s not expecting a slowdown anytime soon.

The National Vulnerability Database — NIST’s cornerstone repository for researchers who use its contents and measuring tools to assess the dangers of cyber exploits — has been backed up with unanalyzed vulnerabilities since February last year. The scientific standards agency was projected to clear the logjam this month based on rates observed this past summer, Nextgov/FCW previously reported.

But NIST said Wednesday that vulnerability submissions increased 32% in 2024 and prior processing rates from spring and early summer last year are no longer sufficient to keep up with incoming submissions. The backlog is still growing as a result ...