Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog

Summary

A U.S. Commerce Department Office of Inspector General audit documents NIST's mismanagement of the National Vulnerability Database, finding no strategic plan, missed deadlines, duplicated enrichment work, and poor coordination with CISA. The audit reveals NIST wasted approximately $200,000 on duplicate enrichment activities and could recoup $800,000 over two years by eliminating redundant severity scoring, while the backlog grew from 13,000 to 27,000+ vulnerabilities between June 2024 and end of 2025.

Full text

Research/Security NewsMini Shai-Hulud Campaign Hits Red Hat Cloud Services npm PackagesA mini Shai-Hulud campaign compromised Red Hat Cloud Services npm packages to steal developer and CI/CD secrets during installation.By Socket Research Team - Jun 01, 2026

Entities