Recent bulletins seem to have very few if not none of the growing backlog categorized.
See for your self at https://www.us-cert.gov/ncas/bulletins/ currently 279 not yet calculated
Now if there is a problem here then surely this means your Vendors may not be including these into there detection's thus widening the gap on what gets patched, or at the very least prioritized.
Surely this is bad for global security but good for US intel/signals groups having easier targets.
Why is the US-Cert the only cert capable of producing these notifications, Why are none of the other Global Certs doing anything similar?
Is the problem is actually upstream with NIST NVD?
Anybody know anything different, is this US policy change(making rest of world pay its fair share)??
No further info on the CVE but just as context/an aside VirusTotal did look to reduce the access to less enthusiastic participants.