> According to NIST, while the National Vulnerability Database (NVD) is processing incoming CVEs at the same rate as before the slowdown in spring and early summer 2024, a 32 percent jump in submissions last year means that the backlog continues to grow.
> CISA had previously been supporting the NIST NVD program with approximately $3.7 million per year in interagency funding, which they have discontinued
2024
> While NIST has since reallocated $8.5 million to NVD for fiscal years 2024 and 2025
Assuming that's spread over both years it wasn't as big of an increase as I said, but is still an increase even inflation adjusted.
> 2025 article claims 30% increase in 2024 workload
Underfunding in the face of more workload isn't itself a funding cut.
> While NIST has since reallocated $8.5 million to NVD for fiscal years 2024 and 2025, this funding remains a fraction of the $300 million to $400 million estimated to be needed annually to fully restore capacity, with an additional $120 million to $150 million required to prevent further system “deterioration.”
Did NVD receive 300MM annual funding pre-2024? That would be a 98% funding cut.
2025 article claims 30% increase in 2024 workload, https://www.securityweek.com/mitre-signals-potential-cve-pro...
> According to NIST, while the National Vulnerability Database (NVD) is processing incoming CVEs at the same rate as before the slowdown in spring and early summer 2024, a 32 percent jump in submissions last year means that the backlog continues to grow.