33 min listen
China’s Approach to Software Vulnerabilities Reporting
China’s Approach to Software Vulnerabilities Reporting
ratings:
Length:
45 minutes
Released:
Oct 19, 2023
Format:
Podcast episode
Description
In July 2021, the Chinese government published its “Regulations on the Management of Network Product Security Vulnerabilities.” These rules require researchers to inform the government of all flaws in code within 48 hours of their discovery, effectively supporting efforts to stockpile software vulnerabilities, which can then be used for offensive cyber operations.Lawfare Fellow in Technology Policy and Law Eugenia Lostri sat down with two guests who recently authored a report on how China manages software vulnerabilities. Dakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub and a consultant at Krebs Stamos Group. Kristin del Rosso is a public sector field CTO at IT security company Sophos. They talked about how companies have adjusted to China’s rules, how their system compares to the U.S. voluntary approach, and the incentives to collect vulnerabilities for offensive operations. Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
Released:
Oct 19, 2023
Format:
Podcast episode
Titles in the series (100)
Episode #6: Jack Goldsmith on Power and Constraint: Jack Goldsmith discusses his new book, Power and Constraint: The Accountable Presidency after 9/11. by The Lawfare Podcast