In late November, Alibaba’s security team was the first to notify the Apache Software Foundation (ASF) about the devastating Log4j vulnerability. Though Alibaba Cloud was not known to be compromised, the company is nevertheless facing consequences from Chinese regulators.
The Ministry of Industry and Information Technology (MIIT) is taking Alibaba to task over not reporting the breach to its officials first. The consequence will be a suspension of the cybersecurity relationship between the Chinese government and Alibaba Cloud for six months, something that could be costly for the tech and retail giant. The state is one of its largest customers, and one that it relies on more heavily since ByteDance opted to move to its own international cloud storage earlier this year.
Alibaba Cloud takes a hit over Log4j reporting
As part of a package of new security and data protection regulations passed in 2021, Chinese regulators expect to be informed of discovered vulnerabilities before they are disclosed to the public. The Alibaba researchers, possibly overcome with how serious the Log4j vulnerability (Log4Shell) could be for the world, seem to have overlooked…
