Core Points - A network product with interactive information release functionality was found to have security vulnerabilities, which were disclosed before the provider issued a patch, leading to administrative penalties against the platform operator by law enforcement [1] - The Cybersecurity Law mandates that organizations or individuals must adhere to specific regulations when publishing information about network product vulnerabilities [2][3][4][5][6][7] Group 1 - The platform operator was penalized for publicly disclosing vulnerability details and tools for exploiting these vulnerabilities before the provider could issue a fix [1] - The Cybersecurity Law outlines that vulnerability information must not be released before the provider has issued a patch, and any early disclosure requires coordination with the provider and reporting to relevant authorities [2][4] - Organizations must ensure that published vulnerability information is necessary, truthful, objective, and beneficial for preventing cybersecurity risks [2][3] Group 2 - It is prohibited to publish details of vulnerabilities in operational networks or systems, and exaggeration of risks associated with vulnerabilities is not allowed [2][3] - The release of tools specifically designed to exploit vulnerabilities is also forbidden [3] - During major national events, publishing vulnerability information without approval from the Ministry of Public Security is prohibited [5]
未按规定发布网络产品安全漏洞信息,某单位被网警依法处罚
Ren Min Ri Bao·2025-11-05 23:45