In protest at Alibaba Cloud’s handling of the Log4j flaw, China’s Ministry of Industry and Information Technology has suspended Alibaba Cloud’s membership on an influential security board.
Given that Chen Zhaojun of Alibaba Cloud was credited with discovering and reporting the Log4j flaw in the first place, the move appears strange. You might think Alibaba Cloud deserves a pat on the back for discovering a critical flaw and demonstrating that Chinese bug hunters can compete with the best in the world. According to the 21st Century Herald, however, Chinese authorities were dissatisfied with the cloud giant’s response.
According to the outlet, Alibaba was chastised for failing to report security vulnerabilities to MIIT promptly and for failing to effectively support the ministry’s network security threat and vulnerability management efforts. As a result, the Ministry of Public Security suspended Alibaba Cloud’s position on its security board for six months. After six months, the ministry will review Alibaba Cloud’s corrective measures and its suitability.
Alibaba may not have complied with local reporting requirements: Chinese companies are required to report vulnerabilities in their software to MIIT’s National Vulnerability Database website within two days. Alibaba Cloud is also likely to have a lot of Log4j in its systems and customers’ cloudy rigs.