The Ministry of Industry and Information Technology officially released the security vulnerability library of mobile Internet APP products

On July 12, 2021, the Ministry of Industry and Information Technology, the Cyberspace Administration of China, and the Ministry of Public Security jointly issued the “Regulations on the Management of Security Vulnerabilities in Network Products” (hereinafter referred to as the “Regulations”). In order to implement the requirements of the “Regulations”, do a good job in the management of security vulnerabilities of mobile Internet APP products, and build an ecosystem of collaborative linkage and inclusive sharing, under the organization and guidance of the Cyber ​​Security Administration of the Ministry of Industry and Information Technology, China Software Evaluation Center has undertaken Mobile Internet APP Product Security Vulnerability Database (CAPPVD) construction work, and relying on the China Computer Industry Association to establish a security vulnerability management ad hoc working group.

The Ministry of Industry and Information Technology officially released the security vulnerability library of mobile Internet APP products

On August 26, 2021, the launch ceremony of the security vulnerability library of mobile Internet APP products of the Ministry of Industry and Information Technology and the establishment ceremony of the ad hoc working group on security vulnerability management were held in Beijing.

This release is sponsored by China Electronics and Information Industry Development Research Institute, China Software Evaluation Center (Software and Integrated Circuit Promotion Center of the Ministry of Industry and Information Technology), and co-organized by China Computer Industry Association. It aims to implement the relevant requirements of the “Regulations” and give full play to mobile The technical advantages of related companies in the Internet field, together with well-known scientific research institutions, universities, security companies, network product providers, network operators, etc. in the industry, make every effort to do a good job in the collection, identification, and repair of mobile Internet APP product vulnerabilities, and improve threat response and risk. management capabilities to ensure national network security.

Tao Qing, deputy director of the Cyber ​​Security Administration of the Ministry of Industry and Information Technology, Wang Hui, deputy director of the Beijing Municipal Communications Administration, and Huang Zihe, deputy director of the China Electronics and Information Industry Research Institute attended the meeting and delivered speeches. Ni Guangnan, academician of the Chinese Academy of Engineering, made a special report.

  

Deputy Director Tao Qing pointed out in his speech that at present, network technology is highly integrated with national production and life, and with the rapid development of mobile Internet application business, the risk of security vulnerabilities in its products has become increasingly prominent. The promulgation of the “Regulations” will promote the institutionalization, standardization and rule of law of network product security vulnerability management, and improve the vulnerability management level of relevant subjects. Scientific research institutions, universities, security companies, network product providers, network operators, etc. should increase their attention, strictly implement the requirements of the “Regulations”, and continuously improve their product security vulnerability management capabilities and technical levels, and strive to create a safe and healthy network security ecosystem. In the next step, the Ministry of Industry and Information Technology will focus on the implementation of policies, mechanism improvement, and platform construction, and organize comprehensive management of network product security vulnerabilities.

  

Deputy Director Wang Hui pointed out in his speech that the Beijing Municipal Communications Administration, as the competent authority of the telecommunications and Internet industries in Beijing, will undertake the supervision and management of network product security vulnerabilities in the telecommunications and Internet industries under the guidance of the Ministry of Industry and Information Technology. Deputy Director Wang Hui put forward expectations for industry units such as China Electronics and Information Industry Development Research Institute, China Software Evaluation Center, network product providers and network operators. Under the guidance, jointly contribute to the maintenance of the capital’s network security.

  

Vice President Huang Zihe pointed out in his speech that the current network security protection is no longer just dependent on an individual or organization, but a network security ecological chain based on information sharing and collaboration. Under the guidance of the Ministry of Industry and Information Technology, China Software Evaluation Center undertakes the construction of the Ministry of Industry and Information Technology’s mobile Internet APP product security vulnerability database, and relies on the China Computer Industry Association to establish a security vulnerability management ad hoc working group, which will work with well-known scientific research institutions in the industry, Universities, security companies, network product providers, network operators, etc. establish a unified and standardized collection, verification, and disposal system, gather multi-party capability elements, and effectively improve the level of security vulnerability management in mobile Internet App products in my country, and promote the security and order of the mobile Internet industry. develop.

  

Witnessed by the relevant leaders of the Network Security Administration of the Ministry of Industry and Information Technology, the Beijing Municipal Communications Administration, and CCID Research Institute, the Ministry of Industry and Information Technology’s Mobile Internet APP Product Security Vulnerability Database (CAPPVD) was officially released.

  

Tang Gang, Assistant Director of China Software Evaluation Center, introduced the CAPPVD vulnerability library and its management. Tang Gang said that the China Software Evaluation Center will use the ad hoc working group as the basis, gather the strength of the industry, and continuously improve the important functions of vulnerability library collection, certification, disposal, etc., to ensure the unimpeded vulnerability collection, ensure the timely and effective patching measures, and ensure the safe operation of the vulnerability library. It is stable and provides strong support for improving the security protection capability of APP.

  

Gu Ninglun, Deputy General Manager of China Mobile Network Business Department, Quan Xiaowen, Founder (CEO) of Shengbang Security, Zhang Zhaolong, Founder of Guanan Information, Lu Zuohua, Dean of Bang Bang Security and Security Research Institute, and operation of Qi’anxin Group’s Sky Patching Vulnerability Response Platform Director Tian Peng, senior security expert of Alibaba Group Security Department Lin Zimin, and senior director of Jingdong Group Information Security Department Zhou Qun delivered keynote speeches successively.

  

At the meeting, Tang Gang, Assistant Director of China Software Evaluation Center, and Xiang Chunlei, Executive Deputy Secretary-General of China Computer Industry Association, awarded licenses to the representatives of the first batch of members of the Ad Hoc Working Group on Security Vulnerabilities (see the attachment for the list).

 

In this event, the Ministry of Industry and Information Technology Network Security Administration, other industry authorities, subordinate units, heads of provincial, autonomous, and municipal communications administrations, basic telecommunications companies, Internet companies, network security companies, scientific research institutions, university representatives and experts Scholars and others attended the meeting.

The Regulations will come into force on September 1. China Electronics and Information Industry Development Research Institute and China Software Evaluation Center will strictly implement the requirements of the “Regulations” under the guidance of the Cyber ​​Security Administration of the Ministry of Industry and Information Technology, and rely on the CAPPVD vulnerability database to organize member units of the Security Vulnerability Management Ad Hoc Working Group To jointly protect the new safety of the industry and create a new development of the industry!

 Notes:

Construction operation and maintenance support unit:

China Mobile Communications Group Co., Ltd.

Yuanjiang Shengbang (Beijing) Network Security Technology Co., Ltd.

Shanghai Guanan Information Technology Co., Ltd.

Qi Anxin Technology Group Co., Ltd.

 Support unit:

China Telecom Group Co., Ltd.

China United Network Communications Group Co., Ltd.

National Industrial Information Security Development Research Center

China Industrial Internet Research Institute

The First Research Institute of the Ministry of Public Security

National Information Technology Security Research Center

Supervision Center of the State Administration of Radio and Television

The 15th Research Institute of China Electronics Technology Group Corporation

The Sixth Research Institute of China Electronics Information Industry Group Co., Ltd.

Alibaba (China) Co., Ltd.

Shenzhen Tencent Computer System Co., Ltd.

Beijing Jingdong Sanbailu Shidu Electronic Commerce Co., Ltd.

Xiaomi Technology Co., Ltd.

Beijing Bang Bang Security Technology Co., Ltd.

Venustech Information Technology Group Co., Ltd.

Beijing Tianrongxin Network Security Technology Co., Ltd.

Beijing Shenzhou Lvmeng Technology Co., Ltd.

Beijing Zhiyou Network Security Technology Co., Ltd.

The Links:   NL10276BC28-21E PM20CVL060