The Department of Commerce inspector general report on NIST's National Vulnerability Database reveals more than administrative failure; it exposes a foundational fracture in how the world assigns priority to software flaws. With the backlog doubling to over 27,000 unprocessed CVEs by late 2025 after NIST halted contractor payments in February 2024, organizations lost the single authoritative feed used to sequence patch deployment. This is not an isolated bureaucratic lapse. CISA's parallel Vulnrichment program, launched the same month, processed overlapping records in at least 21,000 cases, wasting roughly $200,000 while duplicating contractor effort on identical enrichment tasks. NIST declined repeated coordination overtures, a pattern consistent with earlier documented friction between standards bodies and operational security agencies. The IG's finding that NIST severity scores align with independent assessments only 12 percent of the time further erodes the database's value, especially since 80 percent of submissions already arrive pre-scored. Long-term consequences extend beyond federal systems. Every enterprise risk register, every SBOM generator, and every automated patch orchestration platform downstream of NVD now operates with stale or incomplete data, shifting prioritization power to commercial threat intelligence vendors whose coverage gaps remain opaque. Historical parallels include the 2019-2020 CVE assignment delays that left Log4Shell untracked for weeks; the same coordination vacuum has simply scaled. Absent structural reform—such as federated enrichment models with cryptographic provenance and real-time inter-agency ledgers—the erosion of public trust will accelerate reliance on closed ecosystems that favor paying customers over comprehensive defense. The IG correctly flags unsustainable processes, yet the deeper failure lies in treating vulnerability metadata as a static government service rather than dynamic critical infrastructure requiring resilient, multi-stakeholder architecture.