BREAKING: Chinese Ministry of State Security caught manipulating critical CVE data

Newly published research reveals that China has been manipulating critical vulnerability data, and then backdating CVEs to hide the evidence

Recorded Future reckons this manipulation reveals more than it conceals, and the Chinese state has allowed a supposedly public service organisation with a ‘transparency mandate’ to be run by an intelligence agency with a secrecy one. Priscilla Moriuchi, director of strategic threat development at Recorded Future and one of the authors of the report, told SC Media UK that “the CNNVD data manipulation and the influence of the MSS on the vulnerability reporting process is the clearest example to date of why an intelligence service should not manage public vulnerability notification” continuing that such a large-scale manipulation of vulnerability data “undermines trust and could compromise security operations relying solely on CNNVD for that information.”

Click here to read complete article

Leave a Reply

Your email address will not be published. Required fields are marked *