The Chinese government has recently issued “Regulations on the Management of Network Product Security Vulnerabilities,” which requires the establishment of a network security threat and vulnerability information sharing platform and a general network product security vulnerability database.
In response to this, the China Academy of Information and Communications Technology (CAICT) has been tasked with building and operating these platforms.
To improve the operation level of the general network product security vulnerability library and enhance network product security vulnerability management support and public services, CAICT has announced that it will organise the selection of the first batch of technical support units for the security vulnerability database of general network products.
These technical support units will be responsible for the collection of network product security vulnerability information, risk research and judgment, and disposal notification.
To be eligible for selection, the applicant unit must be an enterprise, public institution, scientific research institution, or social organisation established within the territory of the People’s Republic of China with an independent legal personality, engaged in work related to network security.
The applicant unit must comply with the current laws and regulations of China and have no bad records in the national enterprise credit information publicity system. Additionally, the applicant unit must possess the capabilities of network product security research, emergency response, and product research and development, as well as certain security vulnerability detection, discovery, judgment, and repair capabilities.
Vulnerability reporting units will be selected based on their technical capabilities and work performance in vulnerability detection, mining, and other related work, as well as the qualifications and capabilities of the personnel engaged.
The selection of technical support units for the security vulnerability database of general network products is an important step towards improving network product security vulnerability management in China.
CAICT hopes to improve network product security vulnerability management support and public services by mobilising and stimulating the enthusiasm, initiative, and creativity of all parties in the industry to participate in the governance of network product safety risks.
In addition, the CAICT has announced the launch of the compilation of the database industry map for the year 2023. The project is being undertaken by the Institute of Cloud Computing and Big Data and the CAICT Database Application Innovation Laboratory.
The aim of the project is to analyse and sort out the current development status of the database industry chain, study the classification and distribution of database products, and gain insights into the status of industrial development.
The project is an important part of China’s “14th Five-Year Plan” Software and Information Technology Service Industry Development Plan, which focuses on promoting the application of basic software in the office field. The plan aims to improve desktop, server, mobile terminal, vehicle, and other operating system products, and promote the integration, adaptation, and optimisation of operating systems, databases, middleware, office suites, security software, and various applications.
It also aims to accelerate the development and application promotion of distributed databases, hybrid transaction analysis processing databases, shared memory database clusters, and other products. The database industry map will help to identify new competitive advantages in the future and achieve high-quality development of the digital economy.
It is crucial for the country to strengthen its information industry and informatisation construction. By gaining insights into the status of the database industry, the project will contribute to the overall development of China’s software and information technology service industry.