The Cyberspace Administration of China (CAC) has issued a new, stricter vulnerability disclosure regulation that requires white hat hackers who uncover critical zero-day flaws in computer systems to first report them to government authorities within two days of their discovery.
“The relevant vulnerability information should be reported to the Ministry of Industry and Information Technology’s cyber security threat and vulnerability information sharing platform within 2 days. The content of the submission should include the product name, model, version, and the technical characteristics, harm, and scope of the vulnerability that have security loopholes in network products,” reads the “Regulations on the Management of Network Product Security Vulnerability” published by CAC.
Article 4 of the regulation also forbids individuals or organizations to illegally “collect, sell, or publish information on network product security vulnerabilities,” while Article 7 encourages network operators and product vendors to set up bug bounty programs.
Organizations or individuals are prohibited from providing undisclosed network product security vulnerability information to overseas organizations or individuals other than network product providers.
The regulations are expected to take effect on September 1, 2021.
The Chinese government last week issued new cybersecurity laws mandating that any Chinese company that provides services to more than one million users must be audited before listing its shares overseas.
(SecurityAffairs – hacking, Chinese Government)