China’s New Law Requires Researchers to Report All Zero-Day Bugs to Government

News

The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosures regulations that mandate security researchers uncovering critical flaws in computer systems to mandatorily disclose them first-hand to the government authorities within two days of filing a report.

The “Regulations on the Management of Network Product Security Vulnerability” are expected to go into effect starting September 1, 2021, and aim to standardize the discovery, reporting, repair, and release of security vulnerabilities and prevent security risks.

Stack Overflow Teams

“No organization or individual may take advantage of network product security vulnerabilities to engage in activities that endanger network security, and shall not illegally collect, sell or publish information on network product security vulnerabilities,” Article 4 of the regulation states.

In addition to banning sales of previously unknown security weaknesses, the new rules also forbid vulnerabilities from being disclosed to “overseas organizations or individuals” other than the products’ manufacturers, while noting that the public disclosures should be simultaneously accompanied by the release of repairs or preventive measures.

“It is not allowed to deliberately exaggerate the harm and risk of network product security vulnerabilities, and shall not use network product security vulnerability information to carry out malicious speculation or fraud, extortion and other illegal and criminal activities,” Article 9 (3) of the regulation reads.

Furthermore, it also prohibits the publication of programs and tools to exploit vulnerabilities and put networks at a security risk.

Products You May Like

Articles You May Like

DaggerFly-Linked Linux Malware Targets Network Appliances
Malicious AI Models on Hugging Face Exploit Novel Attack Technique
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

Leave a Reply

Your email address will not be published. Required fields are marked *