The data quality from the vuln feeds really makes things harder, esp. in the containerized apps world.
Same thing was recently addressed by Daniel Stenberg, the author of the hugely popular Curl project in a post titled "NVD damage continued": https://daniel.haxx.se/blog/2023/06/12/nvd-damage-continued/
WDYT? Should we just completely ignore NVD?