Chinese government lays out new vulnerability disclosure rules
The most important talking points are the fact that:
-researchers/vendors must share vulnerability reports with state agencies within two days of a report
-researchers are not allowed to release bug details before vendors had a reasonable chance to patch, except on rare occasions
-the new law also bans zero-day sales and vulnerability hoarding
-researchers are also banned from sharing data with overseas organizations (bug bounty platforms, hacking contests, CERT teams), except with product vendors & service providers directly
https://therecord.media/chinese-government-lays-out-new-vulnerability-disclosure-rules/ (https://therecord.media/chinese-government-lays-out-new-vulnerability-disclosure-rules/)
https://archive.st/archive/2021/7/therecord.media/ekst/therecord.media/chinese-government-lays-out-new-vulnerability-disclosure-rules/index.html (https://archive.st/archive/2021/7/therecord.media/ekst/therecord.media/chinese-government-lays-out-new-vulnerability-disclosure-rules/index.html)
https://archive.is/BOX93 (https://archive.is/BOX93)