US Government Launches Audit of NIST’s National Vulnerability Database


The US government has begun an audit of its National Vulnerability Database (NVD) to ensure its team can catch up with the vulnerability backlog.

In a May 20 memo, the US Department of Commerce’s (DoC) Office of Inspector General announced plans to conduct an audit of the National Institute of Standards and Technology (NIST) regarding its oversight of the NVD.

The audit is focused on examining NIST’s procedures for handling NVD submissions, following a significant backlog that developed within the agency last year.

The review aims to assess the effectiveness of NIST’s management processes and identify areas for improvement to prevent similar backlogs from occurring in the future.

The DoC’s Kevin D. Ryan, Acting Assistant Inspector General for Audit and Evaluation, detailed the pending audit in a memorandum to Craig Burkhardt, the Acting Under Secretary for Standards and Technology.

“We plan to begin this work immediately. We will contact your audit liaison to schedule an entrance conference, at which time we will discuss the specific nature of our audit with you, including our objective and scope, time frames, and any potential requests for data,” the letter read.

Catching Up With the Vulnerability Backlog

The NVD has faced significant challenges over the past year due to the termination, in early 2024, of a crucial contract that supported its operations, leading to a substantial backlog of unanalysed vulnerabilities.

As a result, a growing volume of newly identified vulnerabilities has remained unexamined by the NVD team, creating a considerable analysis bottleneck.

In April 2025, Tanya Brewer, the NVD Program Manager, and Matthew Scholl, Chief of the Computer Security Division at NIST, shared some of NVD’s latest updates during the VulnCon conference, a vulnerability management event held in Raleigh, North Carolina.

They announced several improvements in how the NVD processes vulnerabilities and said they were working on new strategies to catch up with the backlog, including automating more data analysis tasks and exploring AI-powered methods to assist them.


