Alibaba Cloud faces a backlash from Chinese authorities following the discovery of the Log4J vulnerability on Apache. According to Chinese media, local journalists were informed on Wednesday that Beijing was suspending its information sharing partnership with Alibaba Cloud for a period of six months, justifying the decision by the failure to report Log4j.
Chen Zhaojun, security engineer at Alibaba Cloud, has been identified by Bloomberg News as the first person to discover the Log4J vulnerability and report it to Apache. He notified Apache on November 24, and a third party then informed Chinese authorities in a report on December 9, according to Reuters.
“After recently discovering serious security vulnerabilities in the Apache Log4j2 component, Alibaba Cloud did not report this situation to the authorities in a timely manner and did not effectively support the authorities to carry out the management of cybersecurity threats and vulnerabilities, ”Chinese media close to central government reported.
Alibaba in Beijing’s sights
China recently enacted a new law that requires all companies to report vulnerabilities to state regulators within two days. The Chinese government has sought to better manage cybersecurity and privacy in recent months, passing multiple laws and issuing warnings to large companies about the need to protect data shared outside of China.
This is not the first time that Alibaba has been the object of Beijing’s wrath. The Chinese giant was recently fined a record 18.2 billion yuan. 33 other mobile apps have also been criticized by Beijing for their data collection policies. As a result, Didi has come under extensive cybersecurity scrutiny, while Alibaba and Tencent have also come under government scrutiny in recent months.
In November, China’s Cyberspace Administration unveiled a new set of laws that reclassified data and provided for several rounds of fines for cybersecurity policy violations.
Source: ZDNet.com