Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to “overseas organizations or individuals” other than the product’s manufacturer.
No one may “collect, sell or publish information on network product security vulnerabilities,” said the rules issued by the Cyberspace Administration of China and the police and industry ministries. They take effect on Sept. 1.
The ruling party’s military wing, the People’s Liberation Army, is a leader along with the United States and Russia in cyber warfare technology. PLA officers have been charged by U.S. prosecutors with hacking American companies to steal technology and trade secrets.