Thanks for the response. I know you're busy doing things like actually making SQLite 3 better. I can understand why you feel this way about NIST. Unfortunately what has happened to them is a system they created in 1999 to handle a few thousand CVEs has been put in a position where it had to process ~16k CVEs last year and the resources (in my opinion) just aren't there to do it right. At the same time, the process is opaque and not user friendly. I'm more than happy to write up a guide to help. I would also be willing to take a more active roll in helping the community respond to new and/or unwarranted CVEs if that would be helpful. Just let me know what works best for you.