Security News > 2021 > December > China suspends deal with Alibaba for not sharing Log4j 0-day first with the government

China suspends deal with Alibaba for not sharing Log4j 0-day first with the government
2021-12-23 07:13

China's internet regulator, the Ministry of Industry and Information Technology, has suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months for failing to promptly report a critical security vulnerability affecting the broadly used Log4j logging library.

The development was reported by Reuters and South China Morning Post, citing a report from 21st Century Business Herald, a Chinese business-news daily newspaper.

"Alibaba Cloud did not immediately report vulnerabilities in the popular, open-source logging framework Apache Log4j2 to China's telecommunications regulator," Reuters said.

Chen Zhaojun of Alibaba Cloud has been credited with reporting the flaw on November 24.

The move also comes months after the Chinese government issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to disclose them first-hand to the government authorities mandatorily.

In September, the government also followed it up by launching "Cyberspace security and vulnerability professional databases" for the reporting of security vulnerabilities in networks, mobile apps, industrial control systems, smart cars, IoT devices, and other internet products that could be targeted by threat actors.


News URL

https://thehackernews.com/2021/12/china-suspends-deal-with-alibaba-for.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Alibaba 6 0 7 2 2 11