Almost no one measures everything

Excludes MITRE

Looking for presence, not quality

Many fields are inconsistent

Fields are unstructured in unhlepful ways (e.g. Exploit)

CVEs may contain info, but not in the right place (e.g. CWE)

Assumes it is in the correct place!