In may 2025, the security department of the public security network, in the context of its “network-2025” special task force, found that a safety gap in a network product with an interactive information dissemination function had been detected, that the collection platform had captured a safety gap in a network product, but that details of the loophole had been made publicly available and the procedures and tools for using it to engage in activities that endangered the safety of the network, prior to the issuance of a safety loophole by a network product provider。
The public security organs are guided byCybersecurity actBy the operator of the platformAdministrative penaltiesAnd order a correction。
Article 26 of the cybersecurity act provides that the distribution to society of cybersecurity information, such as system loopholes, computer viruses, cyberattacks, cyberinvasives, etc., shall be subject to the relevant national regulations, and article 62 provides accordinglyLegal liabilityI don't know。
Article 9 of the regulation on safety gaps in cyberproducts stipulates that organizations or individuals engaged in the detection, collection and dissemination of information on safety gaps in cyberproducts to society through web platforms, media, conferences, competitions, etc. Shall be guided by the principles of necessity, authenticity, objectivity and pro-security risks and shall observe the following:
(i) no leaks shall be published before the providers of web-based products have provided measures to repair the safety gaps in the products; if they deem it necessary to do so in advance, they shall be evaluated in consultation with the relevant network-based product providers and shall be reported to the ministry of industry and information technology, the ministry of public security and, as a result, the ministry of industry and information technology, the ministry of public security and the ministry of public security。
(ii) details of security gaps in networks, information systems and equipment in use by network operators shall not be published。
(iii) the hazards and risks of safety gaps in cyberproducts should not be deliberately exaggerated, and information about safety gaps in cyberproducts should not be used for malicious speculation or criminal activities such as fraud and extortion。
(iv) procedures and tools specifically designed to engage in activities that are harmful to network security by exploiting safety gaps in network products shall not be published or made available。
(v) remedial or precautionary measures should be issued in parallel with the issuance of safety gaps in web-based products。
(vi) in the event of a major event in the country, no unauthorized publication of information on safety gaps in the products of the internet may be made without the consent of the ministry of public security。
(vii) unpublicized information on safety gaps in web-based products shall not be made available to organizations or individuals outside the country other than the network product provider。
(viii) other relevant provisions of laws and regulations。
