back to article Alibaba Cloud slapped by Chinese ministry for mishandling Log4j

China's Ministry of Industry and Information Technology has suspended Alibaba Cloud's membership of an influential security board to protest its handling of the Log4j flaw. The move appears odd as The Apache Software Foundation credited Alibaba Cloud's Chen Zhaojun for identifying and reporting the Log4J flaw in the first …

  1. sanmigueelbeer

    China's Ministry of Industry and Information Technology has suspended Alibaba Cloud's membership of an influential security board to protest punish its handling of the Log4j flaw

    TFTFY

  2. cookieMonster Silver badge

    Last paragraph

    sounds about right

    1. pavel.petrman

      Re: Last paragraph

      Already at "ministry’s network security threat and vulnerability management efforts" I thought if what eventually constitutes the last paragraph. Security threat and vulnerability management indeed.

  3. BOFH in Training

    I am reading in many places that many state actors are using this exploit. Including suspected China state actors.

    Imagine if China was aware of this issue before the rest of the world..........

  4. Anonymous Coward
    Anonymous Coward

    Cutting off nose to spite face?

    Is there an equivalent Chinese proverb?

    Saying your star player will be booted off the football team is a bit daft. Alibaba could very much just find more of these issues and without a forum to discuss, do the same again, putting MIIT at a disadvantage.

    But hey this is above my pay grade, brighter people than me can see the wisdom in it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Cutting off nose to spite face?

      Pride often makes people do very silly things.

    2. Anonymous Coward
      Anonymous Coward

      Re: Cutting off nose to spite face?

      Actually, benching a star athlete is done all the time by teams that are interested in maintaining a team culture or ethic.

      If you take China at their word (always an iffy thing to do) they wanted MIIT to know as soon any MIIT member knew because there were other MIIT companies that would be affected.

  5. Anonymous Coward
    Anonymous Coward

    I'm guessing publicising it ...

    ... wasn't in the interests of "The Party" ?

    the phrase "pour encourager les autres" seems apt.

    1. Clausewitz 4.0
      Devil

      Re: I'm guessing publicising it ...

      "seems apt."

      Seems an appropriate sentence.

      But allow me to point it out, Chinese regulators allow the disclosure of the vuln. to the vendor, then to the National Vulnerability Database instead of world+dog. Seems to me they missed the second rule, not the first one.

      1. Anonymous Coward
        Anonymous Coward

        Re: I'm guessing publicising it ...

        Too bad the CCP is too tight-lipped to back up your noble thesis with a confirmation.

  6. W.S.Gosset

    CCP's like a nightmare ex-girlfriend

    > Beijing's not saying what cloudy contender did wrong

    "You should just know."

  7. ClarkMills

    A lesson for all...

    ... as I'm pretty most superpowers will have been bailout to have that weapon in their warchest.

    They did well to release it to the apache foundation; perhaps with an anonymous account or apache having an anonymous drop web page that doesn't need an account. No credits though and work filtering the junk submitted I suppose.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like