RFI for Spring Framework Vulnerability Support Services

A government authority located in New York is seeking information to gather insights into vendor capabilities, service offerings, and best practices for supporting applications built on the Spring ecosystem. The agency needs to understand how vendors can provide critical services to enhance the security, robustness, and long-term stability of its Spring-based applications. The primary problem the agency is trying to solve is maintaining a strong security posture through proactive vulnerability management and extended lifecycle support. The scope of work covers comprehensive, enterprise-grade extended support for the Spring Framework, with a specific focus on Spring Boot version 2.7.x and its related dependent projects. Requested services include secure artifact management, timely security patching, expert technical support, and documentation and transition support. Performance of these services will take place offsite. Eligibility is limited to onshore organizations based in the United States. The agency is looking for budget proposals to understand the cost structure of these services. Bidders must submit all questions regarding this request for information no later than June 24, 2026.