China Government Suspends Partnership With Alibaba Over Log4j

China’s internet regulator has suspended a partnership with Alibaba’s cloud computing division over the company’s failure to report the critical Apache Log4j vulnerability to it quickly enough.

The Ministry of Industry and Information Technology (MIIT) is suspending work with Alibaba Cloud as a cybersecurity threat intelligence partner for six months because the company reported the serious vulnerability first to Apache, rather than to MIIT, the 21st Century Business Herald reported.

The ministry said it would reassess the situation at that time based on what measures Alibaba had taken to correct the problem.

“The company failed to effectively support the ministry’s efforts to manage cyber-security threats and vulnerabilities”, reported China Daily, citing unnamed sources.

Reprimand

The move to reprimand Alibaba, a sign of government displeasure, could affect the company’s business prospects.

The MIIT launched its cybersecurity threat intelligence sharing platform in December 2019 as a state-led alliance for dealing with security threats.

Membership is a recognition by the government of a company’s ability to spot and manage threats.

The MIIT did not publish an official statement on the matter, and Alibaba did not respond to a request for comment.

The Log4j vulnerability affects Java-based software found in countless internet-connected devices, from televisions and cameras to data centres operated by Amazon, Google or Microsoft.

The flaw was publicly disclosed on 9 December, after it was discovered by Alibaba Cloud Security Team engineer Chen Zhoujun.

Public disclosure

The Apache Software Foundation said it was notified by email on 24 November and issued a patch on 6 December, ahead of public disclosure.

The MIIT cybersecurity management bureau said on 9 December it had been notified by the “relevant” cybersecurity institutions.

According to a law passed earlier this year, Chinese companies are obliged to report vulnerabilities in their own software directly to the MIIT through its National Vulnerability Database.

But the Internet Product Security Loophole Management Regulation only “encourages” them to report bugs found in others’ software.

Chinese regulators hit Alibaba Cloud’s parent company with a record fine earlier this year and forced it to change allegedly anti-competitive business practices, amidst a broader regulatory crackdown on big tech companies in the country.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

6 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

7 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

8 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

10 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

13 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

13 hours ago