The United States' national cyber shield is weakening under the onslaught of a growing number of attacks.
The U.S. National Vulnerability Database (NVD) continues to face mounting difficulties — despite efforts to restore the previous pace of processing information, the lag in publishing vulnerability entries (CVEs) continues to grow. This was reported in the latest news briefing from the U.S. National Institute of Standards and Technology (NIST), published on March 19, 2025.
According to the institute, CVEs are currently processed at volumes comparable to those recorded before the spring-summer slowdown of 2024. However, the overall number of new vulnerabilities in 2024 increased by 32%, and the previous processing pace is no longer keeping up with the load. As a result, the accumulated backlog of unprocessed entries continues to grow.
The forecast for 2025 is also worrisome. NIST expects that the number of new vulnerability reports will only increase, making timely and accurate data processing even more critical. It is emphasized that the importance of the NVD as a cybersecurity tool is growing: the protection of U.S. infrastructure, economy, and digital services directly depends on its effectiveness.
To cope with the growing volume of information, the project team is taking measures to optimize internal processes. In particular, work is underway to reorganize existing procedures, and machine learning technologies are being tested. They plan to use these technologies to automate routine operations that currently require significant manual effort from analysts.
The current situation with the NVD highlights a systemic problem faced by governmental structures around the world: the number of digital vulnerabilities is growing faster than the infrastructure capable of analyzing and classifying them. At the same time, any failures or delays in data processing increase the risks for both private companies and government systems.
It remains unclear how effective the implemented measures will be. However, the mere fact of acknowledging the growing backlog and attempting to introduce automation indicates a shift towards a more flexible and technologically adaptive working model. The speed and quality with which the process can be restructured will affect not only the reputation of the NVD but also the overall level of digital resilience in the United States.
Meanwhile, industry participants are watching the situation closely. The National Vulnerability Database remains the primary public source of CVE data — its timely updates are critically important for the global community that depends on accurate and prompt information about cyber threats.
At the same time, against the backdrop of NVD's slowing operations, the popularity of alternative sources of vulnerability information is growing. Third-party services such as CVE.ORG, OpenCVE, and Feedly.com are gaining increasing recognition, as they provide access to up-to-date CVE data and quickly respond to the emergence of new threats.
These platforms are becoming an important aid for professionals who cannot rely solely on the official NIST database due to its current delays.