China’s telecommunications regulator has paused a partnership with Alibaba Cloud after one of the firm’s engineers discovered the Log4shell security flaw.
According to state-backed Chinese media, the suspension is because the firm did not report Log4shell to The Ministry of Industry and Information Technology (MIIT) in time.
The company first alerted the foundation overseeing the flawed code. Alibaba Cloud has not yet commented on the suspension. The firm is part of the Chinese tech giant, Alibaba Group.
Log4Shell is the name given to a security flaw in the widely used Log4j software – the open source software is overseen by the Apache Software Foundation.
Millions of computers running online services use Log4j for logging or recording events, and security experts have described the flaw as one of the worst discovered in the last ten years.
Alibaba found the security flaw and first reported the glitch to the Apache Software Foundation so that they could fix the problem, but according to state-backed Chinese media, Alibaba was suspended because it did not report to MIIT quickly enough.
“The company failed to effectively support the ministry’s efforts to manage cyber-security threats and vulnerabilities”, China Daily reported, quoting unnamed sources.
The suspension by the MIIT will be reviewed in six months, according to the 21st Century Business Herald article which broke the story.
The partnership covered a cyber-security threat information-sharing platform.
The Reuters news agency says the suspension “highlights Beijing’s desire to strengthen control over key online infrastructure and data in the name of national security”.
According to the South China Morning Post, a regulation passed this year requires Chinese companies to report vulnerabilities in their own software to the MIIT.
However, according to the paper, it only “encourages” companies to report bugs found in code produced by others.