2018 China Artificial Intelligence Mobile Security Summit will be held during the China Internet Conference. The forum is hosted by the China Internet Society and hosted by the Mobile Security Alliance. At that time, the Mobile Security Alliance will jointly launch with terminal manufacturers, Internet companies, security vendors, and research institutes. 'Mobile Security Action Plan', launching the Smart Device Vulnerability Cooperation Program, Vulnerability Reward Program, Signing Mobile Vulnerability Self-Regulatory Convention, Security Incident Emergency Response Mechanism, etc.
Mobile Security Action Plan Background
With the development of artificial intelligence and the increasing popularity of mobile smart devices, the risks of various types of vulnerabilities are increasing day by day, and the security incidents that follow are also erupting, which has sounded the alarm for the security management of mobile Internet. At the same time, with the amount of terminal system code The increase, the number of vulnerabilities and the attack surface have also increased, making the intelligent terminal operating system bug fixes more and more need to be taken seriously.
The "Network Security Law of the People's Republic of China" stipulates: Network products, providers of services shall not set up malicious programs; when discovering their network products, services have security risks, loopholes and other risks, they should immediately take remedial measures and promptly inform users according to regulations. Relevant authorities report.
In line with the implementation of the bill, strengthen and standardize the release and disposal of mobile Internet security vulnerability information, safeguard the legitimate rights and interests of citizens, legal persons and other organizations, safeguard network and information security, and promote the healthy development of the industry. Mobile Security Alliance pays close attention to loopholes. , Develop a 'Mobile Security Action Plan' to promote industry self-discipline.
Mobile Security Action Plan Highlights
1. Intelligent Device Vulnerability Cooperation Program
The Mobile Security Alliance promotes the responsibility of all parties in the mobile intelligent device industry chain, collaboratively completes the repair of mobile smart device vulnerabilities, and formulates the Mobile Security Alliance Vulnerability Disposal Cooperation Plan, which will be considered in conjunction with the mobile smart device industry. Degree, scope of influence, difficulty of repair, availability, and other factors, develop a list of mobile smart device vulnerabilities, and facilitate the repair of product vulnerabilities for all parties in the mobile smart device industry chain.
2. Announce security incidents, vulnerability emergency response mechanisms
The mobile security alliance joint industry chain establishes a rapid response mechanism for mobile intelligent device vulnerabilities. The alliance is responsible for collecting security incidents related to mobile smart device vulnerabilities and reporting them to the regulatory authorities. For the most influential security incidents, the coordinated technical testing organizations release testing tools in a timely manner. Promote operating system vendors and equipment vendors to perform patching work, and release security bulletins to users in a timely manner to remind users to update the system in a timely manner.
3. Signing the Self-Regulatory Convention on Mobile Vulnerabilities
The Mobile Security Alliance advocates relevant domestic and foreign manufacturers and testing organizations to jointly sign the "Mobile Security Alliance Vulnerability Information Disclosure and Disposal Self-discipline Convention", in accordance with the basic policy of 'benefit, avoidance, effective management, and active guidance', in order to maintain user personal information security and Legitimate rights and interests, safeguard network and information security, promote the healthy development of the industry, further standardize the behaviors of relevant domestic and foreign manufacturers, testing organizations in the release and disposal of vulnerability information, and actively strengthen self-discipline and common from the perspective of safeguarding the interests of the country, industry and users. Create a good network security environment.