Priscilla Moriuchi, a former NSA employee, was responding to queries from iTWire about a research brief that painted Russia's national vulnerability database as "incomplete, slow, and likely intended to support the control of the Russian state over technology companies and users".
Moriuchi said the fact that the US was first, did not mean that every nation needed to follow its standards and norms.
"However, vulnerability disclosure is inherently a transparency process, intended to promote global Internet security and when nations use their vulnerability disclosure processes to support intelligence operations, that global Internet trust and security is undermined," she added.
When it was pointed out to Moriuchi that Russian infosec workers could obtain details about a vulnerability from databases other than that run by their own country, she said the point sought to be made was that the Russian effort was a poor resource.
"Our goal in examining various countries' vulnerability databases is simply to compare and contrast their performance and utility," she said.
"Citizens of Russia certainly can browse to another nation's vulnerability database. Our point is simply that in terms of performance and utility, Russia's vulnerability database is a poor resource for citizens and network defenders."
Moriuchi and fellow researcher Dr Bill Ladd had also said in their study that the Russian database excluded vulnerabilities about content management systems.
When iTWire suggested that perhaps this was because these systems were not important to Russia, Moriuchi replied: "Each nation chooses which vulnerabilities to publish and how to publish them."
Recorded Future has, in the past, also done a study of China's national vulnerability database and found that the authorities there have altered dates to try and make it appear that serious vulnerabilities were published ahead of the US national database.