In LD 8.8 the table ComputerVulnerability has a Detected column that would essentially flag if a device was compliant or non-compliant.
In LD 9 there is a new table called CVDetected. As I have poked around the CVDetected table it appears that if a device is compliant with a vulnerability then it won't have a record in CVDetected. This is a change from ComputerVulnerability where a device could have a record against a particular vulnerability with Detected = 0 (essentially, compliant).
Therefore, if Computer 'A' has had a vulnerability scan and that scan included a check for Vul_ID MS11-037 and there is no subsequent record in CVDetected for Computer 'A' AND MS11-037 then Computer 'A' can be considered compliant to MS11-037.
After Gatherhistory performs maintenance you should be able to rely on the ComputerVulnerability table as you always have. The CVdetected is the collection ground for the detections only, but after Gatherhistory performs its tasks it updates Computervulnerability to reflect that said patch is "non detected" anymore.