Dakota Cary on China’s weaponization of software vulnerabilities

Episode sponsors:

• Binarly (https://binarly.io)
• FwHunt (https://fwhunt.run)

Dakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub, conducting research on China’s efforts to develop its hacking capabilities, artificial-intelligence and cybersecurity research at Chinese universities, the People’s Liberation Army’s efforts to automate software vulnerability discovery, and new policies to improve China’s cybersecurity-talent pipeline.

In this episode, Cary expands on a new report — 'Sleight of Hand' — that delves into the changing legal landscape for vulnerability disclosure in China, the PRC's weaponization of software vulnerabilities, advanced threat actors in China and that infamous Bloomberg 'rice grain' spy chip story.

Links:

• Sleight of hand: How China weaponizes software vulnerabilities
• Dakota Cary on Twitter
• Moussouris: U.S. Should Resist Urge to Match China Vuln Reporting Mandate
• CSRB Log4j incident report (PDF)
• CISA China Cyber Threat Overview and Advisories