The HN link links to a twitter post that links to the above link.
Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud - https://news.ycombinator.com/item?id=29658342 - Dec 2021 (187 comments)
Submitters: "Please submit the original source. If a post reports on something found on another site, submit the latter." https://news.ycombinator.com/newsguidelines.html
There is nothing misleading or inflammatory
This NYTimes reporter only added inflammatory spins like "right of first refusal", "researchers went rogue" that are nowhere to be found in the linked article.
[1] https://news.ycombinator.com/item?id=29658977
[2] http://www.gov.cn/gongbao/content/2021/content_5641351.htm
There's no suggestion that China gets any first say on 0-days. The law in question re reporting is at http://www.gov.cn/gongbao/content/2021/content_5641351.htm and states that you must immediately notify vendors of security flaws, and then the MIIT within 2 days.
and it's fitting that Mdm. Perlroth is the one to provide that "punchier title".
She's _the_ definition of an unhinged talking head of infosec. Her book on 0days ("this is how they tell me the world ends") is full of logical fallacies, jumping to conclusions, lacks technical understanding, etc., yet somehow she manages to now speak about cyber on behalf of all of us and everyone is applauding her shit takes whenever some news drop. There are plenty of capable women in cyber who we could amplify. But no! We have to give a podium to this carrion.
Now I read they have to give it to the government first.
Big difference. Which is the truth and how do we know?
Putting Alibaba in the corner for 6 months is an incredibly petty response, but no surprise at all.
