[Docs] Add advisory sync benchmark note to README

README.md

@@ -269,6 +269,8 @@ Sync the local advisory database:
 cve-lite advisories sync
 ```
 
+In our local benchmark on the same machine, syncing the OSV npm dump with about `217,065` advisory records improved from `87.53s` to `8.84s` after bulk SQLite ingestion optimizations, or about `9.9x` faster end-to-end. Results will vary by machine and network conditions.
+
 Write the advisory database to a specific path:
 
 ```bash
@@ -305,17 +307,15 @@ cve-lite . --osv-url https://security.company.internal/osv
 
 The local advisory DB is only as current as the last successful sync.
 
-For now, the recommended model is:
+Offline scans now report advisory DB freshness and warn when the local DB appears stale or is missing sync metadata.
+
+The recommended model is:
 
 - sync the advisory DB on a schedule using cron, CI, or another automation system
 - distribute the refreshed DB where needed
 - run offline scans against that updated DB
 
-A future improvement is to add built-in advisory DB freshness metadata, such as:
-
-- last sync timestamp reporting
-- a TTL-style warning when the DB is older than a recommended threshold
-- clearer CLI guidance when a local advisory DB should be refreshed
+This helps keep offline scan results current without requiring developers to manually track advisory update cadence.
 
 ## Detecting malicious package incidents