AltMachine writes: “Chinese regulators on Wednesday suspended an information-sharing partnership with Alibaba Cloud Computing, a subsidiary of e-commerce conglomerate Alibaba Group, over accusations it failed to promptly report and address [the Log4Shell vulnerability],” reports Reuters, citing state-backed media reports. Alibaba Cloud recently discovered a major remote code execution vulnerability in the Apache Log4j2 component, notifying the U.S.-based Apache Software Foundation, but did not immediately report it to the Ministry of Industry and Information Technology (MIIT), China’s telecommunications regulator.
MIIT said it then received a report from a third party about the issue (days after), rather than from Alibaba Cloud. “In response, MIIT suspended a cooperative partnership with the cloud unit regarding cybersecurity threats and information-sharing platforms, to be reassessed in six months and revived depending on the company’s internal reforms,” reports Reuters. According to Chinese laws, companies must report new vulnerabilities within 48 hours.