The United Kingdom’s National Cyber Security Center (NCSC) reviews vulnerabilities in software, hardware, websites, or critical infrastructure. Review process called the “Equities Process”” determines if they are going to disclose the vulnerability so that it is fixed or if they will keep it to themselves for use during intelligence gathering. This type of review process is not unique to the United Kingdom and other countries such as the U.S.A. have their own “”Vulnerabilities Equities Policy and Process”””
Source: https://www.bleepingcomputer.com/news/security/uks-ncsc-explains-how-they-handle-discovered-vulnerabilities/