Following the discovery of the Log4shell security hole by one of the company’s engineers, the Chinese telecommunications regulator has suspended partnership with Alibaba Cloud. Chinese state-owned media have reported that Log4shell has suspended because the company failed to notify the incident to the Ministry of Industry and Information Technology (MIIT) in a timely manner.
The foundation in charge of overseeing the faulty code was notified first by the corporation. Alibaba Cloud has not yet responded to the ban with a statement. The company is a subsidiary of the Chinese technology behemoth Alibaba Group.
Log4Shell is the term given to a security issue in the widely used Log4j software. It has controlled by the Apache Software Foundation. Log4j is an open source software project that has developed by the Apache Software Foundation.
There are millions of devices running online services using Log4j’s logging and recording system. And security experts have dubbed the hole as one of the most dangerous discovered in the last ten years.
When Alibaba discovered the security issue. The company immediately disclosed it to the Apache Software Foundation so that they could remedy the problem. However, according to state-backed Chinese media, Alibaba has suspended. Because it did not submit the problem to MIIT in a timely manner.
As stated by China Daily, citing unnamed sources, “the corporation failed to adequately help the ministry’s efforts to manage cyber-security threats and vulnerabilities.”
It has reported that the MIIT will revisit its decision to suspend the company in six months. The article broke the storey. The agreement included the creation of a platform for exchanging cyber-security threat information.
According to the report, the suspension “highlights Beijing’s intention to tighten control over crucial online infrastructure and data in the name of national security”. The suspension is effective immediately. South China Morning Post reports that a legislation passed this year mandates Chinese enterprises to report vulnerabilities in their own software to the Ministry of Industry and Information Technology (MIIT).
In contrast, according to the article, it simply “encourages” businesses to disclose defects discovered in code written by others.