On 1 September 2021, the National Vulnerability DataBase (NVDB) established by the Cybersecurity Administration Bureau of the Ministry of Industry and Information Technology (MIIT) was officially put into operation.
According to the Provisions on the Management of Network Product Security Vulnerability, network product providers shall submit relevant vulnerability information to the NVDB of MIIT within 2 days. The submitted content needs to include the name, model, and version of the product with security vulnerability. Other requirements include technical characteristics, harm, and impact range of the vulnerability, etc. The NVDB will simultaneously report the vulnerability information to the National Circular Center of Network and Information Safety and the National Internet Emergency Center (CNCERT).
The NVDB includes General Network Product Security Vulnerability Database (https://www.cnvdb.org.cn), Industrial Control Product Security Vulnerability Database (https://www.cics-vd.org.cn), Mobile Internet APP Security Vulnerability Database (https://cappvd.cstc.org.cn), and Internet of Vehicles Security Vulnerability Database (https://cavd.org.cn), etc.
The NVDB will support technical assessment of network product security vulnerabilities and urge network product providers to patch and release their own product security vulnerabilities.
