The National Vulnerability Disclosure Database is an invaluable source of information for security professionals and researchers. However, in some cases, a vulnerability report is initially published with incomplete information, a situation that complicates incident response and mitigation. In this paper, we perform an empirical study of vulnerabilities that are initially submitted with an incomplete report, and present key findings related to their frequency, nature, and the time needed to update them. We further present a novel ticketing process that is tailored to addressing the problems related to such vulnerabilities and demonstrate the use of this system with a real-life use case.