Adrian Johnson
TLDR:
- NIST has awarded Analygence a $125 million contract to help clear the backlog in its National Vulnerability Database.
- 93% of new vulnerabilities have not been analyzed by NVD since February 12.
NIST taps Analygence to help fix vulnerability database backlog
The National Institute of Standards and Technology (NIST) has awarded a $125 million, five-year contract to Maryland cybersecurity firm Analygence to address a backlog in its National Vulnerability Database (NVD). The NVD has not been updated for several months, leading to a backlog of entries that has left cybersecurity researchers without up-to-date information on system vulnerabilities.
Analygence, with a history of working with federal agencies, including contracts with the Cybersecurity and Infrastructure Security Agency (CISA) and the Naval Air Warfare Center, has been tasked with helping untangle the backlog in the NVD. This project comes as NIST faces an 8% budget cut while being responsible for critical emerging tech and national security research.
As a result of the backlog, 93% of new vulnerabilities reported since February 12 have not been analyzed by the NVD. This delay in updating the database has significant implications for cybersecurity professionals, who rely on the NVD to identify and assess potential cyber exploits. NIST aims to clear up the backlog by the end of the year.
Despite the challenge, NIST remains committed to maintaining and modernizing the NVD, emphasizing the importance of the database in building trust in information technology and fostering innovation within the cybersecurity field.
