The CVSS standard has a "temporal" component that models the changing risk associated with a vulnerability over time, such as the publication of a working exploit. But NIST's NVD doesn't provide that kind of temporal information.
Do you know of any location or service (free or paid) that provides temporal data for CVSS?
I used to contract for iDefense and then later on for iSIGHT Partners, at both places we used the full CVSSv2 scoring including temporal data and reports were updated as exploit code came out/etc. (in fact this was on of the major priorities for us). iDefense got acquired by Verisign, I can only assume they still do this kind of work (it's been like 4+ years since I was there) and iSIGHT is definitely still doing it (barring some major shift in their products/etc.). http://www.idefense.com/ and http://www.isightpartners.com/. I assume the other major vulnerability services like Secunia and so on do the same, but I've never used their products or contracted for them so I can't say. I do know that tracking all that data properly is a lot of work so most people don't =).
