The US is still lagging behind China in terms of vulnerability discovery and disclosure. While the gap between the US National Vulnerability Database (NVD) and the Chinese NVD (CNNVD) has slightly shrunk over the last 5 years, there are still hundreds of vulnerabilities registered in China that are yet to be listed on the US NVD. The CNNVD is a known subsidiary of the Chinese Ministry of State Security’s Technical Bureau, which drives Chinese cyber espionage, and has a history of altering CVE disclosure dates and providing APT groups with exploits.
