Date: 2021-12-24

While the chaos caused by the Log4j vulnerabilities is finally calming down, some interesting results are beginning to emerge. Chen Zhoujun, a member of the Alibaba Cloud Security team, found a flaw in Log4j as early as November 24th. Zhoujun immediately contacted Apache and shared the details, as is the industry norm. Industry norms encourage people to reach out to the company in situations like this.

Report to ministry before everything else

Industry norms “encourage” reporting bugs, while the government has tools to enforce it

On the other hand, a new, one-year-old Chinese law requires companies to report flaws first to the Ministry of Information and Information Technology of China, of which Alibaba Cloud is a partner. In this case, Alibaba Cloud did not immediately understand how big the threat was, and Chen Zhoujun informed Apache.

As a result, the Chinese government has suspended its cybersecurity threat intelligence partnership with the company for six months. The ministry will reassess the partnership at the end of the six months, based on the measures Alibaba Cloud takes to fix the “inform the ministry before everything else” issue. Alibaba Cloud stated that it will improve its risk management and its compliance with the Chinese government's new law.
