Dark Reading is part of the Informa Tech Division of Informa PLC


Application Security

Internet Firms In China Partner On Fair Practices

The group's goal is to limit malicious competition among online software and increase self-oversight while increasing product openness.

In China, a group of 10 high-profile Internet enterprises is forming an alliance to self-regulate online software after a recent row that saw executives accusing each other of developing software that uninstalls rivals' products without a user's knowledge.

The group's goal is to limit malicious competition and increase self-oversight while increasing product openness and customer application understanding. Founding members of the alliance include search leader Baidu, online gaming giant Tencent, and popular online video company PPStream.

"Customers' rights come before anything else. We feel that giving customers the right to choose and gaining their confidence is a form of recognition for Chinese software providers," the group said in a statement.

The statement acknowledged the competitive nature of the field but stressed the importance of maintaining proper boundaries. It said: "Positive competition helps the industry to grow and the final beneficiaries are customers. But malicious competition that uses products and technology as a lethal weapon and treats the customers as a battlefield will only result in abandonment, leading to decline."

The firms pledged to make their products more open and to better explain the products' applications. At the same time, they agreed to accept oversight from users and industry players and to not intercept, block, tamper with or uninstall other companies' software.

At the same time, the founder of Chinese Web security company 360, Dong Haiping, said he is also setting up a software monitoring alliance to allow regular users and experts alike to help promote an internet software industry code of conduct.

According to Dong, the rogue software industry was mostly destroyed 2 years ago, but the new threat comes from Trojans. Through the creation of a new evaluation platform, users can report irregularities and view reports from computer experts, allowing them to make a more informed choice.

The president of 360, Qi Xiangdong, said software development self-regulation by industry and manufacturers is not enough; he believes users and independent third parties must play a role. Without this, companies were likely to serve their own interests rather than the interests of the industry or the users at large, he said.

Qi referred to some software vendors who take advantage of users who do not understand computers and convince them to install software they shouldn't. He said if the behavior of the software is made totally transparent, the consumer "can call the shots."

Other members of the new alliance include Sogou, Kingsoft, Rising, Maxthon, Kuwo, Kuniu and iCafe.
