diff --git a/core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 1de9f55bc3f..8af198032ab 100644
--- a/core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -991,19 +991,19 @@ private int updateOrInsertVulnerability(DefCveItem cve, String description) {
                 callUpdate.setNull(17, java.sql.Types.NULL);
                 callUpdate.setNull(18, java.sql.Types.NULL);
             }
-            Optional<CvssV3> optCvssv30 = null;
+            Optional<CvssV3> optCvssv30 = Optional.empty();
             if (cve.getCve().getMetrics() != null && cve.getCve().getMetrics().getCvssMetricV30() != null) {
                 optCvssv30 = cve.getCve().getMetrics().getCvssMetricV30().stream().sorted(Comparator.comparing(CvssV3::getType)).findFirst();
             }
-            Optional<CvssV3> optCvssv31 = null;
+            Optional<CvssV3> optCvssv31 = Optional.empty();
             if (cve.getCve().getMetrics() != null && cve.getCve().getMetrics().getCvssMetricV31() != null) {
                 optCvssv31 = cve.getCve().getMetrics().getCvssMetricV31().stream().sorted(Comparator.comparing(CvssV3::getType)).findFirst();
             }
 
             CvssV3 cvssv3 = null;
-            if (optCvssv31 != null && optCvssv31.isPresent()) {
+            if (optCvssv31.isPresent()) {
                 cvssv3 = optCvssv31.get();
-            } else if (optCvssv30 != null && optCvssv30.isPresent()) {
+            } else if (optCvssv30.isPresent()) {
                 cvssv3 = optCvssv30.get();
             }
             if (cvssv3 != null) {