This illustrates a misunderstanding of how CVE functions. It's a repository of data about disclosed vulnerabilities (even if some disclosures are embargoed and not yet published - if anyone but the bughunter and dev team that owns the fix knows about it, it's disclosed :P). The actual vulnerability discovery process is external and done by individual researchers, teams and businesses who report vulnerabilities to the appropriate groups called CVE numbering authorities (CNA) who manage the assignment and publication of CVE data through their scopes. There is not much technical advantage in terms of advance disclosure since the CNA controls what data goes to CVE.

As an example, a CNA like Mozilla, Apple, or Microsoft is unlikely to disclose vulnerability data via CVE until they have remediated the issue or have public guidance, and their embargo processes are likely separate from CVE publication.
