Alibaba Cloud Photo: VCG

Aliyun, Alibaba's cloud computing subsidiary, was removed from participating in a national network security information sharing platform for six months by China's internet technology watchdog after failing to report a security glitch, as the country steps up efforts to ensure network security.

Aliyun, a member company of the network security information sharing platform under the auspice of the Ministry of Industry and Information Technology (MIIT) has been removed from the platform, Chinese news outlet The Paper reported on Wednesday.

The removal comes after Aliyun failed to report serious Apache Log4j2 security glitch to the regulator in a timely manner, failing to effectively support the MIIT to detect network security threats and vulnerabilities.

According to the rule governing the management of security vulnerabilities of network products implemented on September 1, network product providers have the obligations to report any risks to the authorities within two days.

The MIIT will decide whether to restore the statues of Aliyun based on the company's response to their recent failure when the six-month suspension period expires.

The security glitch of Apache Log4j 2, a Java-based logging utility, which is widely used in business system development, are considered to be a high-risk vulnerability and may lead to remote control of the software, and may lead to serious hazards such as sensitive information theft and service interruption, the MIIT said in a notice on its website on Friday.  

The notice said that the information sharing platform has received a report from a professional network security institution that warns it of the serious security risks in Apache log4j2 on December 9.

The MIIT immediately organized network security professional institutions to carry out vulnerability risk analysis and urged the US based Apache Software Foundation to repair the vulnerability in a timely manner 

In order to reduce network security risks, the MIIT has asked responsible units and the public to be aware of the release of patches for Apache log4j2, and check the operation of their systems, and upgrade to the version as soon as possible.

Global Times