China’s New Law Requires Researchers to Report All Zero-Day Bugs to Government

News

The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosures regulations that mandate security researchers uncovering critical flaws in computer systems to mandatorily disclose them first-hand to the government authorities within two days of filing a report.

The “Regulations on the Management of Network Product Security Vulnerability” are expected to go into effect starting September 1, 2021, and aim to standardize the discovery, reporting, repair, and release of security vulnerabilities and prevent security risks.

Stack Overflow Teams

“No organization or individual may take advantage of network product security vulnerabilities to engage in activities that endanger network security, and shall not illegally collect, sell or publish information on network product security vulnerabilities,” Article 4 of the regulation states.

In addition to banning sales of previously unknown security weaknesses, the new rules also forbid vulnerabilities from being disclosed to “overseas organizations or individuals” other than the products’ manufacturers, while noting that the public disclosures should be simultaneously accompanied by the release of repairs or preventive measures.

“It is not allowed to deliberately exaggerate the harm and risk of network product security vulnerabilities, and shall not use network product security vulnerability information to carry out malicious speculation or fraud, extortion and other illegal and criminal activities,” Article 9 (3) of the regulation reads.

Furthermore, it also prohibits the publication of programs and tools to exploit vulnerabilities and put networks at a security risk.

Articles You May Like

US government securities watchdog spoofed by investment scammers – don’t fall for it!
UK privacy watchdog warns adtech the end of tracking is nigh
McAfee Enterprise Defender Blog | CISA Alert: MS Exchange & Fortinet Vulnerabilities
Head of Instagram Adam Mosseri will testify before the Senate on teen mental heath
New Golang-based Linux Malware Targeting eCommerce Websites

Leave a Reply

Your email address will not be published. Required fields are marked *