Industry Vulnerability Disclosure Trends
First, let’s look at the vulnerability disclosures each year since the CVE List was started in 1999. It is interesting to note that I can find vulnerabilities with publication dates going back to January 1989 (CVE-1999-1471) in the NVD. Vulnerabilities published prior to 1999 appear to have been assigned CVE IDs starting with “1999” because that’s when the first CVE List was collected and published by MITRE. An archived bulletin published by the Computer Security Division Information Technology Laboratory (ITL) at NIST in July 2000 provides some historical insight into the early days of the NVD. NIST’s original CVE search service was called ICAT.
The Computer Security Division at NIST’s Information Technology Laboratory has created a searchable index containing 700 of the most important publicly known computer security vulnerabilities. This index, called ICAT (pronounced eye-cat), helps the...
