Trustworthy Software For The NSA?

Janus Daniels writes "There's a new story from the New York Times, as reprinted at CNET News, about security concerns for Government agencies buying software from overseas. According to the article, a whistle-blower who helped sell software to the National Security Agency says that much of the development work is subcontracted to China, raising serious national security risks. He also discovered in the sales-support database... the names of more than 30 [identity-classified] employees of the United States National Security Agency...'"

Are the subcontractors fully aware..

[Xuranova]

of what it is they're programming, in the sense that do they know they are making a sensitive program for the NSA of the United States? If not then what could be the harm unless a backdoor gets thru unchecked? (I can only hope that some US officials or hired techies DO check this code for backdoors and the like.)

Trusting trust

[robindmorris]

I RTA, and the whistleblower claims that the Chinese could have the opportunity to put something malicious into the code. The company claims that work for the US Govt. is not sent out to China. The security agencies say that they audit all outside code anyway.

The bigger issue is not where the code is written, it's whether you can audit the source yourself (and whether you actually do so.

See reflections on trusting trust for a nice article about why, if it really matters, you should be careful with other people's code.