• Kusimulkku@lemm.ee
    link
    fedilink
    arrow-up
    2
    ·
    10 months ago

    Notifying vendors first about security flaws is a cybersecurity industry norm, but a new law encourages Chinese companies to first notify the government

    That’s a bit… worrying

    • dinomug@lemmy.mlOP
      link
      fedilink
      arrow-up
      8
      ·
      3 years ago

      It is a double-edged sword: Where is the Apache Foundation registered and operating? In the United States. The company that found the exploit, Alibaba, is Chinese. Even the department that found it (security team) is located in the offices of Alibaba Cloud, in Singapore. In short, the Chinese government was very close to having a tool to seriously damage the Western technology infrastructure, without the other side ever knowing where exactly they were being hit from. And if it had been the other way around? if that information had reached the Singaporean authorities earlier? we must not forget that it is a very servile government to the United States. Or in the worst case scenario the report was intercepted at the Apache Foundation, remember PRISM? one of their goals is to find potential vulnerabilities and exploit them against “hostile forces” even forcing companies registered on US soil and several beyond their borders to leave “backdoors” in their products/systems without public knowledge.

      Fortunately or unfortunately it was reported and announced publicly, without prior knowledge of the respective governments, so neither side gained a considerable advantage in this new field of warfare that is the cyberspace.