The Internet contains vast amounts of data; consequently, hindering information retrieval. Resources, such as the National Vulnerability Database (NVD), have emerged to remedy this situation. Organizations largely depend on the NVD in order to disclose vulnerabilities and collaborate towards a solution. However, there has been evidence that other sources are disclosing vulnerabilities more efficiently and rapidly. The objective of this paper is to evaluate vulnerability disclosure delays from the NVD in order to state its efficiency. Among several findings, we observed that the majority of vulnerabilities are delayed within 1-7 days. Based on these results, we provide recommendations for those who currently rely only on NVD, such as IoT manufacturers and developers.
