The industry-wide program for naming and documenting vulnerabilities suffers from fluctuating funding and insufficient oversight, according to a House panel.
There is a median lag time of approximately seven days between when someone discovers an exploitable software vulnerability and its eventual release on NIST's National Vulnerability Database,…