Vulnerability management

Published 20 September 06 06:08 AM
This arrived in my email this morning in the SANS-Qualys vulnerability alert:
"Good news - for a change.
For everyone who has ever tried to reduce vulnerabilities, and found it
very hard, today is a very good day.  NIST just announced (this morning)
that it is launching a cooperative effort involving NSA, DoD/DISA, DHS,
and the Center for Internet Security, with the help of security and
software vendors, to radically upgrade vulnerability management. The
program will bring automation and standardization to vulnerability
management, and it is real.  Within a few months, you should expect to
see new procurement language that can be used by any organization buying
software or system or system integration, that will require the vendors
and contractors to deliver systems and software compatible with the new
automated vulnerability management program.  SANS will do a free webcast
on it shortly to give you more details."

I wonder if any teeth will come along with the effort? It seems like for many vendors, this could be a new and probably unwelcome development. For software purchasers, it could be a very welcome development. We'll have to wait and see what this is going to look like.
