From Industrial Practices to Academia: Uncovering the Gap in Vulnerability Research and Practice
The rising number of vulnerabilities has attracted significant attention from academia and industry. While the Common Vulnerabilities and Exposures (CVE) database is an industry-standard resource for organizing and researching vulnerabilities, it lacks comprehensive analysis, often requiring researchers to conduct additional investigations. This gap in detailed vulnerability information can hinder effective vulnerability management and research. To address this problem, we conduct the first empirical investigation to discover the disparities in vulnerability aspects between academia and industry. We collect a comprehensive dataset comprising 50,254 security bulletins and blogs from 36 CVE Numbering Authorities (CNAs). We extract and summarize the specific characteristics of vulnerabilities from these web pages and identify 15 key aspects for describing vulnerabilities.
Our analysis reveals that the detailed information provided by different CNAs varies significantly. Industrial practice primarily emphasizes post-disclosure aspects of vulnerabilities, such as Impact (82.1%) and Measures (i.e., Solution and Mitigation), while largely overlooking Attacker Type (almost none), Attack Scenario (0.3%), and details on Steps to Reproduce (0.2%) and Vulnerability Validation & Exploitation (almost none). We also systematically review 31 academic papers on vulnerabilities to identify the primary aspects of academic research. Our findings indicate a lack of research on Attack Scenario and Attack Method in academia. Academic research on vulnerabilities primarily focuses on Fix/Patch Release (13 out of 31), with significant attention to patch generation, porting, search, and vulnerability repair. By offering insights to industry and academia, we aim to stimulate the advancement of vulnerability research. In the future, the Attack Scenario aspect of vulnerabilities holds the potential for breakthrough advancements, benefiting both industry and academia.