Security firm Symantec will no longer allow Russian authorities to inspect its source code, according to Reuters. “It poses a risk to the integrity of our products that we are not willing to accept,” the company’s Kristen Batch said. The worry is that by allowing the supposedly independent Federal Security Service (FSB) to examine source code, it would give Russia an inside view of potential software vulnerabilities and exploits.
Other companies allow this sort of thing so that they can take advantage of the country’s projected $ 18.4 billion IT industry. While none of Reuters‘ sources could cite an explicit example of security breaches that have resulted from the practice, there was a strong sense of unease. “It’s something we have a real concern about,” a former Commerce Department official said. “You have to ask yourself what it is they are trying to do, and clearly they are trying to look for information they can use to their advantage to exploit, and that’s obviously a real problem.”
The US has previously accused the FSB of 2014’s massive Yahoo email hack and cyber attacks that targeted Hillary Clinton during her 2016 presidential campaign.
Russia isn’t the only country that makes these sorts of requests, however. China, for example, has a long history of such, recently taking two years to scour a version of Windows 10 that Microsoft made for the country’s government before finally approving it in May.
Reuters writes that since Russia’s annexation of Crimea in 2014 that these requests have “mushroomed in scope” following a soured relationship between the countries. Between 1996 and 2013, some 13 products had been requested for security review. In the past three years there have been 28.
IBM, Cisco, Hewlett Packard Enterprise and McAfee have given Russia access to their respective source codes.
Source: Reuters
