Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

AWARDS

NIST ITL Team Wins 2021 InnovateIT Award

Security Innovation Leader Award

True leaders understand the necessity of innovation to remain relevant. AFCEA Bethesda’s InnovateIT Awards program recognizes those in the federal civilian space who combine leadership with innovation to achieve tangible results. The 2021 InnovateIT Awards program will recognize leaders who exhibit qualities of successful leadership across the following areas:

1) Security: Advanced approaches to cybersecurity challenges, including improving agency security operations centers, utilizing data-driven approaches to cybersecurity, and successfully balancing citizen services with enterprise security needs.

2) Automation: Leveraging data to deliver on mission, serve customers and steward resources, and harnessing the potential of artificial intelligence (AI) and machine learning (ML) to improve services and increase effectiveness.

3) Modernization: Innovative and comprehensive modernization strategy, including leveraging low-risk approaches to IT modernization and successful digital transformation.

Awarded

June 3, 2021

Awarding Organization

Senior Government Executive Forum

The National Institute of Standards and Technology's team that runs the National Vulnerabilities Database was awarded the 2021 InnovateIT Award: Security Innovation Leader.

Bob Byers is credited with leading a team that developed a method to better assess and understand vulnerabilities described within the National Vulnerability Database (NVD). The database, which is maintained by the Computer Security Division of NIST, is used daily by the U.S. Federal Government and hundreds of governments worldwide, Fortune 500 and commercial companies, private institutions, and critical infrastructure to detect and address known vulnerabilities. Mr. Byers, along with Christopher Turner and David Waltermire, accomplished their goal in a manner that supports a volume only achievable by automation and the introduction of emerging technologies, such as the increased use of artificial intelligence (AI) and machine learning (ML). The NVD Team set out to increase participation with and access to vulnerability data, remove subjective characteristics of reported vulnerabilities into a common and consistent taxonomy, develop a framework to support vulnerability tools development, and reduce the dependence upon human security analysts to analyze known vulnerabilities. The team took the approach of standardizing vulnerability terminology and format, while developing a framework to automate analysis. They developed a human machine-readable format of JSON for vulntological representations of vulnerabilities, enabling developers to use this information for customized applications. They also developed a GitHub available repository of schema specifications complete with examples and submission templates promoting the adoption of the new scheme for ontological representations. Finally, a comparative analysis solution was developed to uniquely identify and compare the submitted ontological representations validating submissions and subsequently adding them to the repository. The result is a method that improves the fidelity of vulnerability information, makes the participation of risk management easier and far more accessible, and provides a framework that supports both national and international security.

Image - Robert Byers — **Robert Byers** - NVD Tech Lead, Security Test, Validation and Measurement Group

Image - Christopher Turner — **Christopher Turner** - NVD Analysis Team Lead - Security, Test, Validation and Measurement Group

Image - David Waltermire — **David Waltermire** - Lead for Standards and Outreach, Security Automation Program

Information technology and Cybersecurity