June 3, 2024 at 05:53PM
NIST extended its contract with Analygence to address the growing backlog in its National Vulnerability Database. The backlog has been increasing since February, with 93% of vulnerabilities submitted remaining unanalyzed. NIST aims to clear the backlog and process current vulnerabilities by the end of the fiscal year. The agency is also seeking long-term solutions to handle the influx of vulnerability reports.
NIST has extended its commercial contract with Analygence to address the growing backlog of reported flaws in the National Vulnerability Database (NVD). The amendment specifically includes support for clearing the NVD backlog, which has been growing beyond NIST’s processing capacity since February. The backlog currently comprises a significant number of unanalyzed vulnerabilities submitted since February 12, and NIST hopes to catch up and process current CVEs by the end of the fiscal year.
NIST has acknowledged that the backlog is due to various factors, such as an increase in software and vulnerabilities, as well as a change in interagency support. Additionally, NIST aims to establish a consortium for long-term solutions to improve the NVD’s capacity to handle vulnerability reports.
It is notable that Analygence has already begun addressing the backlog and will also assist in processing new NVD submissions. This move indicates NIST’s acknowledgment of the workload its current staff faces and the need for additional resources to tackle the increasing backlog.