Maryland cybersecurity firm Analygence was recently contracted by the National Institute of Standards and Technology, part of the Commerce Department, for over $125 million out of the five-year federal budget to help clear a growing backlog in the agency's federally lauded national cyber vulnerabilities repository.
The project is explicitly intended to work through the pile of entries submitted to NIST's National Vulnerability Database, which has apparently received no update for several months now.
Analygence has often partnered with the federal tech community, and it was earlier given an agreement with NIST to assist in the federal scientific body's infosec study.
The firm currently works with many federal customers, including CISA and the Naval Air Warfare Center, according to federal market intelligence firm GovTribe.
The NVD has been one of the cornerstone references for cybersecurity researchers, as its contents and associated vulnerability measuring tools are used to gauge the potential threat of cyber exploits. Analysts have frequently used the severity score within the database to assess the impact that can occur if a hacker exploits a vulnerability.
They have also been used to train machine learning models that can differentiate between software products that contain as-yet-undiscovered vulnerabilities and those that do not.
The stall began in February, but no concrete cause was known. NIST said at that time that it would reorganize its employees and might seek the assistance of other parties in the private sector to address the issue. The agency is expected to face an 8% reduction in its budget for the following year despite being under considerable pressure to address many emerging technologies and national security research.
A new analysis released last week by VulnCheck noted that, as of February 12, the NVD has not analyzed some 93% of new vulnerabilities.
“If there is some person who is responsible for handling patch management for a network and he has been using the NVD database for all the information he or she needs, then at this moment these lists may be quite outdated and to get the information one has to visit each vendor and find out what new vulnerabilities were disclosed by that vendor, and how big the risk these vulnerabilities present is,” it was said in the April Cisco Talos blog des
This has led to a recent backlog, which NIST anticipates will be cleared by the end of the year, according to a status update the agency posted on its web page on May 29.
“As we stated in the past, it has been 25 years since NIST furnished this NVD of vulnerabilities for users worldwide and any suggestion that NIST will enforce any of its numbers is stemming from and is mistaken,” it adds. “NIST is fully committed to sustaining and updating this critical national asset that is important for enhancing confidence in information technology and driving creativity.”