The purpose of National Vulnerability Databases (NVDs) is to create a centralized list of security-related software flaws and enable a more automated approach to vulnerability management. The US, China, and Russia all run their own NVDs.
However, there are distinct flaws with all three, meaning there could be major gaps within an organization’s vulnerability management strategy. The US NVD is slow; the media gap between a vulnerability becoming public and appearing on the list is seven days. China’s NVD is quicker to upload public vulnerabilities, but has been accused of altering data to hide government influences. The Russian NVD, run by the country’s Federal Service for Technical and Export Control of Russia, misses many vulnerabilities and is slow with what it does publish.
Leave a reply