|
China National Vulnerability Database
The China National Vulnerability Database (CNNVD) is one of two national vulnerability databases of the People's Republic of China. It is operated by the China Information Technology Security Evaluation Center (CNITSEC), the 13th Bureau of China's foreign intelligence service, the Ministry of State Security (MSS).[1][2] As of September 28, 2020, the database has 117,454 vulnerabilities cataloged with the first entry dated January 1, 2010.[3] OrganizationThe organization is operated by the China Technology Evaluation Center (中国信息安全测评中心; Zhōngguó Xìnxī Ānquán Cèpíng Zhōngxīn, known in English as CNITSEC), which is a subsidiary office of the MSS, making the organization closely linked to the Chinese intelligence apparatus.[4] According to its official website, CNNVD performs "analysis and information communication of security vulnerabilities of information technology products and systems; security risk assessment of information networks and important information systems of party and government organs; safety testing and evaluation of information technology products, systems and engineering construction; competency assessments and qualification reviews for information security services and professionals; theoretical research, technology research and development and the development of standards"[5] The agency has been criticized as a trojan horse manipulated by Chinese intelligence in order to take advantage of vulnerabilities in order to wage cyberwarfare against foreign targets. According to Boston based cybersecurity firm Recorded Future, the MSS evaluates all submitted vulnerabilities before releasing them in order to determine if they can be used for the purposes of cyber-espionage; according to researchers this was demonstrated through extensive backdating of vulnerabilities.[6] References
External links
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
