Slashdot Mirror


HP Enterprise Let Russia Scrutinize The Pentagon's Cyberdefense Software (reuters.com)

"A Russian defense agency was allowed to review the cyberdefense software used by the Pentagon to protect its computer networks," writes new submitter quonset. "This according to Russian regulatory records and interviews with people with direct knowledge of the issue." Reuters reports: The Russian review of ArcSight's source code, the closely guarded internal instructions of the software, was part of Hewlett Packard Enterprise's effort to win the certification required to sell the product to Russia's public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman. Six former U.S. intelligence officials, as well as former ArcSight employees and independent security experts, said the source code review could help Moscow discover weaknesses in the software, potentially helping attackers to blind the U.S. military to a cyber attack. "It's a huge security vulnerability," said Greg Martin, a former security architect for ArcSight. "You are definitely giving inner access and potential exploits to an adversary."
It's another example of the problems security companies face when they try to do business internationally, according to Reuters. "One reason Russia requests the reviews before allowing sales to government agencies and state-run companies is to ensure that U.S. intelligence services have not placed spy tools in the software."

Long-time Slashdot reader bbsguru has his own worries. "So, opening your code for review because it is demanded by a potential customer? What could possibly go wrong? HPE may find out, and the U.S. Military is among the many clients depending on the answer."

2 of 121 comments

  1. So why does the most powerful country on earth by rsilvergun · Score: 0, Offtopic

    buy security software instead of making its own? Answer: Because none of this matters. The people who matter are global, not national. I saw a thing where Joe Biden said that rich people were as patriotic as poor. But that's just not true. Patriotism is a love of country. But the really wealthy (not just the millionaires, but the multi-millionaires and billionaires) are no longer beholden to a country. They no longer depend on a country for anything. They're global. And that means all this international intrigue is just pissing in the wind for them. At the end of the day they'll sit down with their fellow global citizens and hash it all out. Usually to the detriment of those of us still dependent on nation-states.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  2. And this makes me think, and think hard by Mondor · Score: 0, Offtopic

    Imagine, if Russians would see the source code of Linux. There are too many devices serving as... You name it - servers, routers, and even mobile operating systems are based on Linux! How long will it take until someone will disclose the Linux sources to Russians? What a dangerous world we are living in. Let's hope for the best, although frankly I'm quite afraid.