NIST Awards Analygence $125M Contract to Address Vulnerability Database Backlog

The National Institute of Standards and Technology has awarded Analygence a $125 million, five-year contract to address the agency’s National Vulnerability Database backlog.

The NVD backlog started in February and led to a significant slowdown in its updates, prompting NIST to consider private supporthelp, Nextgov/FCW reported.

Prior to the backlog, cybersecurity professionals relied on the NVD’s comprehensive vulnerability data and severity scoring system to identify and prioritize potential risks.

The database also played a role in training machine learning models designed to predict vulnerabilities in software products.

Nextgov/FCW cited an analysis by VulnCheck that revealed that since February, NIST has not analyzed nearly 93 percent of reported vulnerabilities, hindering patch management efforts.

NIST aims to resolve the backlog by year-end, as stated in a May 29 update, and emphasized its commitment to maintaining and modernizing the database.

The Maryland-based Analygence had previously partnered with NIST to aid in the agency’s information security research and has already collaborated with the Cybersecurity and Infrastructure Security Agency and the Naval Air Warfare Center.