
Alibaba Cloud slapped by Chinese ministry for mishandling Log4j
2021-12-23 05:58

China's Ministry of Industry and Information Technology has suspended Alibaba Cloud's membership of an influential security board to protest its handling of the Log4j flaw.

The move appears odd as The Apache Software Foundation credited Alibaba Cloud's Chen Zhaojun for identifying and reporting the Log4j flaw in the first place.

You might think Alibaba Cloud deserves a parade for identifying a dangerous flaw, and showing that Chinese bug-hunters can match it with the world's best.

If Alibaba staffers were the source of the GitHub leaks, Beijing may wish to punish the company for that error.

Chinese companies are required to report vulnerabilities in their own software to MIIT's National Vulnerability Database website within two days, and Alibaba Cloud is likely to have lots of Log4j in its own systems and customers' cloudy rigs.

Perhaps the scariest possible reason Alibaba has been punished is that Beijing is miffed the company reported the flaw to Apache, thereby denying China a zero-day exploit that had enormous offensive potential.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/12/23/alibaba_cloud_in_trouble_with/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Alibaba 6 0 7 2 2 11