Slashdot Mirror

← Back to Stories (view on slashdot.org)

Report Says China Will Demand Source Code

Posted by kdawson on from the said-the-spider-to-the-fly dept.

An anonymous reader alerts us to a two-week-old story that hasn't gotten much traction in the press to date. A Japanese newspaper and the AP report that China plans to demand source code from hardware manufacturers, and ban the sale of products from companies that don't comply. China is calling this an "obligatory accreditation system for IT security products." The plan is to go into effect next May, according to sources. "Products expected to be subject to the system are those equipped with secret coding, such as [a] contactless smart card system developed by Sony Corp., digital copiers, and computer servers. The Chinese government said it needs the source code to prevent computer viruses taking advantage of software vulnerabilities and to shut out hackers. However, this explanation is unlikely to satisfy concerns that disclosed information might be handed from the Chinese government to Chinese companies. There also are fears that Chinese intelligence services could exploit such confidential information by making it easier to break codes used in... digital devices."

6 of 305 comments (clear)

  1. Simple solution by DeltaQH · · Score: 5, Insightful

    Just use open source. ;-)

    1. Re:Simple solution by EdIII · · Score: 5, Insightful

      I'm thinking along the same lines in a security context. I have never supported Security Through Obscurity.

      If your security depends on your code being hidden, then I don't find it as valuable as a method that is open to scrutiny. Open Source Vs. Closed Source is a heated debate as always, but Open Source has a serious advantage when it comes to security. Trust. If the public at large can scrutinize the code, it is harder to say that anything nefarious is going on. With Closed Source, you HAVE to trust the company.

      Sony?

      Be fucking serious. The people that brought you a widespread implementation of a root kit to further their own agenda? I am going to have a hard time trusting ANY of their security products.

      I don't know why China may want to do this, but there are good arguments to support their position.

  2. yeah, right by speedtux · · Score: 5, Insightful

    that disclosed information might be handed from the Chinese government to Chinese companies

    It might. And then they have a massive re-engineering problem on their hands. It would usually be easier for them to reimplement the functionality than try to start with undocumented, unsupported source code.

    Doing security audits on software is a legitimate request by a governmental agency. Of course, they should just request that vendors provide open source software.

  3. The big question. by upuv · · Score: 5, Insightful

    Do companies think that the market in China is big enough to justify giving them the source code?

    It doesn't really matter what foreign governments think of this. The can scream all they want. If a company thinks the Chinese market is big enough and they want a piece of it. Then they will cough up the code.

    Privacy, security and IP rites are second tier considerations when it comes to product sales.

    So again. Do companies think that the market in China is big enough to justify giving them the source code?

  4. Biased view of the world have we? by mrboyd · · Score: 5, Insightful
    • When RMS wants the printer driver source code it's freedom protection.
    • When the chinese government wants his printer driver source code their trying to embezzle the gentle and caring westerners...

    I thought source should be free?

    I know American are scared, losing world leader status, economy going down the drain, hockey mom for vp and everything but seriously it's a great move on the Chinese government that you should be applauding. You should be hoping it will be replicated by ALL other governments and that distributing the source becomes an habit for HW manufacturer.
    China has its issue (police state, freedom of the press...), but they seem sometime to have the balls to go where no other lobbyist sponsored government in the "free world" would go and when it's a good move at least have the intellectual honesty to recognize it.

  5. Re:So they can counterfeit by edittard · · Score: 5, Insightful

    if you ask me, it's about time profligate western nations got a taste of what it's like at the other end of the stick.

    Brought to you by the two-wrongs-make-a-right department.

    One other thing. Extort doesn't normally take a person or people as its direct object.

    --
    At the bottom of the /. main page it says 'Yesterday's News'. Well they got that right.