SRC013 — https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth¶
Contents¶
Metadata¶
| Field | Value |
|---|---|
| URL | https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth |
| Authors | NIST (National Institute of Standards and Technology) |
| Date | April 15, 2026 |
Content Summary¶
NIST announces operational changes to NVD due to 263% increase in CVE submissions between 2020-2025. First quarter 2026 submissions are 33% higher than same period 2025. NIST enriched 42,000 CVEs in 2025 (45% more than any prior year) but cannot keep pace. New prioritization framework focuses on KEV catalog and federal government software.
Reliability: High¶
Official US government agency announcement — authoritative primary source for CVE growth data.
Relevance: High¶
Provides context for C003's 107% vulnerability increase — CVE database growth is a contributing factor.
Bias Assessment¶
| Domain | Rating | Rationale |
|---|---|---|
| Missing Data | Low risk | Official operational data from the NVD operator. |
| Measurement | Low risk | Based on NIST's own operational metrics. |
| Selective Reporting | Low risk | Transparent about both growth and capacity constraints. |
| Randomization | N/A | Operational reporting. |
| Protocol Deviation | N/A | Not an RCT. |
| Conflict Of Interest | Low risk | Government agency with public interest mandate. |