The Chinese government’s Cyberspace Administration released a number of new vulnerability disclosure requirements that require companies and individuals to work more closely with the Ministry of Industrial and Information Technology (MIIT). The most notable of these include a ban on selling, collecting, or publishing vulnerabilities by private researchers, a ban on disseminating programs or tools that can “exploit vulnerabilities” or “put networks at risk,” a ban on sharing such information with any foreign entities except the affected “network product provider,” and a requirement to disclose such discoveries to MIIT within two days. The new law also includes a number of more typical disclosure and mitigation requirements, such as requiring vendors to accept vulnerability reports and issue patches.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security