
Why?

Did they want to protect themselves before alerting anyone?

Did they want to use this to infiltrate others?



There is a rule that requires cloud providers like Alibaba Cloud to report vulnerabilities within 2 days. Alibaba violated this rule.

Note that the article is misleading as the rule doesn't require the disclosure must be made to the government first.


Your info is accurate. But I doubt anyone cares about it.


Would you mind citing the rule? A similar-sounding policy linked elsewhere doesn't seem to apply to this situation.


This is the law that is mentioned in the article, as a link says that this is application of the MIIT ruling that came into effect September 1st:

http://www.gov.cn/gongbao/content/2021/content_5641351.htm

Here is a machine translation of the relevant section that seems to agree with the GP:

>Article 7 Network product providers shall perform the following network product security vulnerabilities management obligations, ensure that their product security vulnerabilities are repaired in a timely manner and reasonably released, and guide and support product users to take preventive measures:

>(1) After discovering or learning about the security vulnerabilities in the provided network products, they should immediately take measures and organize verification of the security vulnerabilities to assess the degree of harm and the scope of the security vulnerabilities; for the security vulnerabilities in their upstream products or components, they should notify the relevant product provider immediately.

>(2) The relevant vulnerability information should be reported to the Ministry of Industry and Information Technology's cyber security threat and vulnerability information sharing platform within 2 days. The content of the submission shall include the product name, model, version, and the technical characteristics, harm, and scope of the vulnerability that have security loopholes in network products.

>(3) Remediation of network product security vulnerabilities should be organized in a timely manner. For product users (including downstream manufacturers) that need to take measures such as software and firmware upgrades, network product security vulnerabilities and repair methods should be promptly informed of the product users who may be affected, and provide the necessary technical support.


If this is actually true, this article seems like borderline propaganda.


> Did they want to protect themselves before alerting anyone?

Probably yes.

> Did they want to use this to infiltrate others?

Also probably yes.

The NSA does the same thing. They stockpile security vulnerabilities and selectively tell the software vendors about some of them. They like to keep the "high value" vulnerabilities to themselves for use in exploits.

The WannaCry ransomware (see https://en.wikipedia.org/wiki/WannaCry_ransomware_attack and https://en.wikipedia.org/wiki/EternalBlue) did worldwide economic damage and was built on an NSA developed exploit. The NSA knew about this vulnerability in Windows for years and never told Microsoft.

Unfortunately all intelligence agencies everywhere will continue to take this cowboy approach. Until we can get these bad actors under control, their constant undermining of internet infrastructure will continue to hinder efforts to improve internet security.


This gave me a good chuckle.

* Google Project Zero researcher: "we found a bug!"

* NSA (internally): "Damnit, scratch that one off the list boys.."


It's not the same thing to develop and keep an exploit for yourself, as it is to require the public companies in your country to report the important bugs they find while effectively also under a temporary gag order. They are super different things.


The super result is super the same: more vulnerabilities exploited for longer.


Surely you can see there's some difference in magnitude here, right? Which one does it more?

And even if the end result has some overlap, there's a bit of an ethical difference between:

* developing an exploit that you keep quiet

* preventing others from talking about exploits they discover


Surely you can see that they're all bad actors, undermining the software and infrastructure that we all use, putting our systems and our data at risk through their grubby actions and even their grubby inaction, right?

I don't care which bunch of spies does it more. I don't want spies doing it at all.


> and even their grubby inaction, right?

Yah, I guess by not searching for new exploits tonight for public disclosure, I'm putting the entire software world marginally more at risk by "grubby inaction."

> I don't care which bunch of spies does it more. I don't want spies doing it at all.

I care: some bad actors in my government vs. forcing an entire massive economy to participate in bad actions will have massively different magnitudes of effect.

There's always going to be bad actors, but preventing 15% of the world's population from being good actors surely is a pretty significant thing.


Ethically, it’s not the same.


There's nothing ethical about leaving your nation's infrastructure vulnerable to attack just because you want to indulge in the boy's own adventure of attacking the infrastructure of other nations.

It's not ethical. It's not professional. It's school boy stuff.


Whoa, I think we're on the same team. I was saying it's not ethical to tell only your gov't about the exploit, and not your customers.


Probably both? It may not even be so much about this particular vulnerability, but rather just setting the law that any future vulnerabilities must first be reported to the party which can then decide to either defend from it or weaponize it.


I would be surprised, even disappointed a bit, if NSA didn't use it for infiltration for a good few months already.



well, if the US does, why wouldn't other governments?

I guess everyone has forgotten wikileaks and Snowden already.


[flagged]


First, this is grandiose to the point of silly, and second you definitely can't break the site guidelines like this. I've banned the account. Please don't create accounts to break HN's guidelines with, or to do cloak and dagger routines.

https://news.ycombinator.com/newsguidelines.html


CIA bot spotted and cancelled? What a scene lol


Why do you need an alt to post this? That's more fishy than anything else around here.


Sorry bro, American, born and raised. I'm whiter than mayonnaise.

anti-Imperialism != pro-China

I guess you're not a fan of Doom metal.


Sorry, like Fassbender’s erroneous three sign in the bar, your corps joke a little while ago betrays you. Regardless of education level every American knows how to pronounce corps. Because of the Marine Corps. You should have claimed to be interested in American politics but someone who learned English as a second language, perhaps a Western European.

You’re burnt, bro. Nearly your entire comment history is related to the foreign policy priorities of China with just enough testing thereof to make your position plausible. Pack it up and start over.

It’s interesting that I didn’t say what you were and you’ve defended a specific allegation. Intriguing, that. I also like the idea that someone “whiter than mayonnaise” would opine that China will never invade Taiwan. Is anyone “whiter than mayonnaise” certain of that at all? Press X to doubt.


This is impressively unhinged.

None of that guy's posts are unusual for anyone to the left of the Democratic Party, and the 'corps/corpse' pun makes perfect sense in a context that involves the name 'Doomscroll'.

Idk if you just don't know any leftists IRL or what. The way the press and the political establishment are doing their damnedest to gear the American public up for a new cold war against our biggest trade partner (lolwut??) strikes many real people as irksome, worrying, and ridiculous. Even more libertarian leftists, who are loudly and frequently (and often correctly) critical of China (and usually muddled when it comes to anti-imperialism, besides), can smell bullshit when they read a bunch of stories about 'social credit' which turn out to be mostly hot air, or they watch two presidential candidates derail debates on a national stage just for detours where they take turns of accusing each other of being the one who is really soft on China.

This reminds me of the last presidential primary, when some boomer libs on Facebook would manically accuse anyone who criticized Biden too harshly of being a Russian agent.

Sorry dude, not everyone who disagrees with you is a bot or a foreign agent.


we live in a society


Nice whatabout your comment history


[flagged]


It's not a coincidence that accounts concerned about the misgivings of the CIA would answer in this thread. It's actually expected. Don't be paranoid.


[flagged]


Pretend for a moment that someone not connected with China in any way could be critical of the US and its role as the last superpower. I know that might be a difficult task, but try your best. Or not, I don't care.


[flagged]


Please do not perpetuate flamewars on HN—that's just as bad.

And please don't use HN primarily for political or ideological battle—we ban such accounts.

https://news.ycombinator.com/newsguidelines.html


[flagged]


The article this thread links to mentions CCP in the title.



