Chinese government lays out new vulnerability disclosure rules January 23, 2022, 12:34:07 am Chinese government lays out new vulnerability disclosure rulesThe most important talking points are the fact that:-researchers/vendors must share vulnerability reports with state agencies within two days of a report-researchers are not allowed to release bug details before vendors had a reasonable chance to patch, except on rare occasions-the new law also bans zero-day sales and vulnerability hoarding-researchers are also banned from sharing data with overseas organizations (bug bounty platforms, hacking contests, CERT teams), except with product vendors & service providers directlyhttps://therecord.media/chinese-government-lays-out-new-vulnerability-disclosure-rules/https://archive.st/archive/2021/7/therecord.media/ekst/therecord.media/chinese-government-lays-out-new-vulnerability-disclosure-rules/index.htmlhttps://archive.is/BOX93