New US regulations: sharing security vulnerabilities with China prohibited, an opportunity for domestic systems
Android, iOS, Windows on the PC and other systems have users all over the world. In addition, Apple, Google, Amazon, Microsoft and other companies have been working on open source software for decades, and Chinese manufacturers also use a lot of open source software from the United States, in a model of joint development and sharing.
However, the United States has made new regulations prohibiting the sharing of security vulnerabilities with China, which means that even if American companies find vulnerabilities or security problems in software systems, they cannot share them with Chinese customers unless permission is obtained. This new regulation has been strongly opposed by Microsoft. If the new regulation is implemented, which will be affected more, US companies or Chinese companies? Is there an opportunity for a domestic system?
Chinese and American companies cooperate closely in the operating system software market. Most mobile phone manufacturers use the open source Android system, and ordinary users will definitely install the Windows operating system when they set up a new computer. At the developer level, components from the Apache Software Foundation are often used, which makes it very convenient for Chinese developers and manufacturers to participate in open source software projects.
The more people use these operating systems, and the more open source software projects there are, the greater the benefit to US companies. This not only enriches the product ecosystem, but also plays a vital role in optimizing the systems.
Joint development and sharing is based on mutual benefit. Both parties can benefit, and there is no reason to exclude excellent software products. This has also prompted many Chinese enterprises to develop and grow within the ecosystem of American software systems.
However, news has emerged that the United States issued new regulations prohibiting the sharing of security vulnerabilities with China without approval. That is to say, once a U.S. company discovers a security vulnerability in a software system, it must first obtain permission before sharing it. Whether that permission can be obtained is unknown.
In the past, when US companies discovered vulnerabilities, they would provide the information to Chinese enterprise customers through the normal process, so that those customers could fix the vulnerabilities as soon as possible. Alternatively, the American companies could provide patches to close the vulnerabilities in time.
But now, they may not deal with a vulnerability when they find one, and they may not be able to deal with it even if they want to. In that case, the vulnerability can only be discovered by Chinese companies themselves. If it is not discovered, and overseas developers deliberately exploit it, who can guarantee that no network security incident will occur?
The new US regulations concern the sharing of security vulnerabilities. Once they are implemented, which will be affected more, American companies or Chinese companies?
Just after the new regulations were released in the United States, Microsoft came forward to express its opposition, saying it did not want the new regulations to be implemented.
Judging from Microsoft's opposition, we can actually see which side the new regulations will affect more. Microsoft has many software ecosystem products all over the world. In order to address potential vulnerabilities, Microsoft gives large rewards to those who find them.
At the same time, through the vulnerability sharing mechanism, developers also submit vulnerabilities to Microsoft, helping Microsoft improve the product experience. If the United States restricts vulnerability sharing, then developers and users may stop submitting vulnerability reports to Microsoft.
After all, the sharing of security vulnerabilities is mutual, and it is impossible to restrict sharing vulnerabilities with users while also expecting those users to do their best to submit vulnerability reports. In some cases, it is not the U.S. companies that discover the vulnerabilities first, but Chinese companies, which report them to the other party in a timely manner to keep the situation from escalating further.
For example, in December 2021, Alibaba Cloud discovered a major vulnerability in Apache's Log4j2 component. If not dealt with in time, this vulnerability could lead to dangers such as remote control of devices and service interruption.
This vulnerability had Internet companies at home and abroad bracing for it. Without the timely report from Alibaba Cloud, there could have been serious consequences. However, Alibaba Cloud first notified the Apache Software Foundation, not the Ministry of Industry and Information Technology, which led the Ministry of Industry and Information Technology to suspend its cooperation with Alibaba Cloud for half a year.
It has been exactly half a year since the incident. It is estimated that Alibaba Cloud will soon be able to return to its original state of cooperation.
The Alibaba Cloud vulnerability sharing incident clearly shows that Chinese companies play an important role in improving network information security for US companies. Therefore, the new regulations will have a greater impact on US companies. There are so many software manufacturers in China, and the software system development strength has already ranked among the first-class