The Chinese telecommunications regulator has suspended a partnership with Alibaba Cloud after one of the company’s engineers detected the Log4shell security issue.
According to state-controlled Chinese media, the suspension is the result of the company failing to disclose Log4shell to The Ministry of Industry and Information Technology (MIIT) on time. BBC reported. However, Alibaba Cloud has not yet commented on the suspension.
The company initially notified the foundation in charge of supervising the faulty code.Log4Shell is the term given to a security issue in the widely used Log4j software, which is managed by the Apache Software Foundation.
Millions of computers running online services use Log4j to log or record activities, and security experts have called the weakness one of the worst uncovered in the previous 10 years.
Alibaba discovered the security issue and immediately submitted it to the Apache Software Foundation so that it could be fixed, but according to state-backed Chinese media, Alibaba was suspended because it did not report the flaw to MIIT soon enough.
“The company failed to effectively support the ministry’s efforts to manage cyber-security threats and vulnerabilities”China Daily reported
According to the 21st Century Business Herald report that broke the revelation, the MIIT’s suspension will be reconsidered in six months. The collaboration included a mechanism for sharing cyber-security threat information.
The suspension “highlights Beijing’s intention to increase control over crucial internet infrastructure and data in the name of national security,” according to Reuters.
According to the South China Morning Post, a law introduced this year compels Chinese enterprises to notify the MIIT of flaws in their own software.
However, the document simply “encourages” corporations to disclose defects detected in other people’s code.