The CNNVD captures 90% of all vulnerabilities within 18 days, while the NVD takes 92 days. This means Chinese firms could theoretically make themselves more resilient to attack quicker than their Western counterparts. The NVD is managed by the Security Testing, Validation and Measurement Group of the Information Technology Laboratory of the National Institute of Standards and Technology (NIST) It only includes CVEs (vulnerabilities) once they have been published in the CVE Dictionary run by the nonprofit MITRE Corporation. MITRE is responsible for managing the entire CVE process, including the selection and management of the.”]
Source: https://www.csoonline.com/article/3249456/why-china-spot-security-vulnerabilities-quicker-us.html