It's about trust that the information is going to be up to date and reliable and available. This means we need trust in the organisation that manages this.

We've had no real updates to the existing CVEs for over a year now - lots of them just pending assessment. The communication about it has been misleading or non existent. Then the recent funding issue which threatened to close it down entirely, followed by maybe 11 more months of it? Who knows.

A huge number of infosec processes and tools depend on CVEs and the NVD as the main source of them.

So the trust is gone or rapidly going. We are all looking around in the infosec community and wondering what comes next.