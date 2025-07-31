Recent BDSA insights

In the first quarter of 2025, the vulnerability analyst team created 3,800 BDSAs. At the time this blog is being written, 62% of those BDSAs do not have an associated analyzed NVD CVE. That means no common platform enumeration (CPE) information or vulnerable range insights exists for teams to assess their impact. Of these vulnerabilities

56% are “awaiting analysis” in the NVD

41% are malware advisories, which the NVD does not cover

2% have no CVE coverage

1% are “undergoing analysis” in the NVD, without vulnerable software versions

In this same time frame, the NVD analyzed 1,289 CVEs impacting open source software, all of which have a corresponding BDSA. A full 97.6% of BDSAs made it into the KnowledgeBase faster than the NVD analyzed the CVEs. Throughout the same time frame BDSAs were issued an average of 165 days faster that NVD-analyzed CVEs. For high and critical risk vulnerabilities, BDSAs were 203 days faster, on average.