Slashdot Mirror


Symantec CEO: Source Code Reviews Pose Unacceptable Risk (reuters.com)

In an exclusive report from Reuters, Symantec's CEO says it is no longer allowing governments to review the source code of its software because of fears the agreements would compromise the security of its products. From the report: Tech companies have been under increasing pressure to allow the Russian government to examine source code, the closely guarded inner workings of software, in exchange for approvals to sell products in Russia. Symantec's decision highlights a growing tension for U.S. technology companies that must weigh their role as protectors of U.S. cybersecurity as they pursue business with some of Washington's adversaries, including Russia and China, according to security experts. While Symantec once allowed the reviews, Clark said that he now sees the security threats as too great. At a time of increased nation-state hacking, Symantec concluded the risk of losing customer confidence by allowing reviews was not worth the business the company could win, he said.

2 of 172 comments

  1. Security through obscurity by v1 · Score: 3, Informative

    "In security engineering, security through obscurity (or security by obscurity) is the reliance on the secrecy of the design or implementation as the main method of providing security for a system or component of a system. A system or component relying on obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that if the flaws are not known, that will be sufficient to prevent a successful attack. Security experts have rejected this view as far back as 1851, and advise that obscurity should never be the only security mechanism."

    So either the CEO of Symantec is a security idiot, or he has a better reason he's not sharing.

    And if he's claiming the reason for using Security Through Obscurity is to provide his customers with a stronger feeling of being secure, I do hope the masses aren't idiots and this backfires as spectacularly as it really should.

    --
    I work for the Department of Redundancy Department.
  2. Re:Two Choices by phantomfive · Score: 4, Informative

    Good thing Symantec is secure and has no horrible remote exploits that give hackers top-level access to the system.

    Just say no to Symantec, it can only make your system worse (they had a solid C compiler back in the 90s though).

    --
    "First they came for the slanderers and i said nothing."