On September 1, 2021, the National Vulnerability DataBase (NVDB) (https://www.nvdb.org.cn/index), which is established by the Cybersecurity Administration Bureau of the Ministry of Industry and Information Technology (MIIT), was officially put into operation.
According to the Provisions on the Management of Network Product Security Vulnerability (hereinafter referred to as “the Provisions”), network product providers shall submit relevant vulnerability information to the NVDB of MIIT within 2 days. The submitted content needs to include the name, model, and version of the product with security vulnerability. Other requirements include technical characteristics, harm, and impact range of the vulnerability, etc. The NVDB will simultaneously report the vulnerability information to the National Circular Center of Network and Information Safety and the National Internet Emergency Center (CNCERT).
The NVDB includes General Network Product Security Vulnerability Database, Industrial Control Product Security Vulnerability Database, Mobile Internet APP Security Vulnerability Database, and Internet of Vehicles Security Vulnerability Database, etc.
The NVDB will support technical assessment of network product security vulnerabilities and urge network product providers to patch and release their own product security vulnerabilities. Relevant foreign service providers are advised to follow the requirements of the Provisions to submit information accordingly.
If you need more information on the topic, please contact: