Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tech Firms Let Russia Probe Software Widely Used by US Government (reuters.com)

Posted by msmash on from the closer-look dept.

Major global technology providers SAP, Symantec, and McAfee have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government, Reuters reported on Thursday. From the report: The practice potentially jeopardizes the security of computer networks in at least a dozen federal agencies, U.S. lawmakers and security experts said. It involves more companies and a broader swath of the government than previously reported. In order to sell in the Russian market, the tech companies let a Russian defense agency scour the inner workings, or source code, of some of their products. Russian authorities say the reviews are necessary to detect flaws that could be exploited by hackers. But those same products protect some of the most sensitive areas of the U.S government, including the Pentagon, NASA, the State Department, the FBI and the intelligence community, against hacking by sophisticated cyber adversaries like Russia.

11 of 115 comments (clear)

  1. I wish... by Narcocide · · Score: 2

    ... that I could be confident our elected officials were at least smart enough not to believe Russian officials also needed root access to all the production machines in order to complete a source code audit.

  2. The US gov't shouldn't use open source software? by Anonymous Coward · · Score: 2, Funny

    So if it's wrong/bad for foreign entities to view the source code of software used by the US government, does that mean that the US government should avoid any and all open source software because foreign entities can easily view its source code?

  3. Actual headline: by king+neckbeard · · Score: 5, Insightful
    Here's what the actual headline should be:
    Tech firms let Russia probe software widely used by US government, following same processes US government, and all other governments, use.

    This is a non-story. They try to make it sound like this is some nefarious method to undermine the US government, when the reality is that they're checking to make sure there aren't NSA backdoors.

    --
    This is my signature. There are many like it, but this one is mine.
    1. Re:Actual headline: by Train0987 · · Score: 2, Insightful

      Gotta keep that Russians!=BAD narrative alive at all costs.

    2. Re:Actual headline: by gweihir · · Score: 5, Insightful

      Indeed. And governments can get access to windows source code as well. It is a good bet that the Russians and the Chinese also have this access.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. Enough Of The D&C Bullshit by NicknameUnavailable · · Score: 3, Insightful

    Of course a defense department looking to use a piece of software is going to inspect it for security. Frankly it's more a sign of Russia's lack of security that they would use US software on their systems than anything else. Security through obscurity isn't security so opening the source is irrelevant to anything from a security perspective.

  5. LINUX IS RUSSIAN TREASON! by Anonymous Coward · · Score: 5, Funny

    That's nothing, Linus Torvalds regularly publishes code that EVERY SINGLE RUSSIAN can access. It's TREASON!

  6. Re:So what? by Plus1Entropy · · Score: 4, Insightful

    How about you get over Benghazi and her emails? You know the difference between those stories and Russia? The investigations were completed and found nothing.

    If Russia is nothing, then let the investigations complete it and tell us so. Then you can bitch that we're not "over it".

    --
    Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
  7. Yes, so? This is standard practice... by gweihir · · Score: 4, Insightful

    Every large-enough customer can get access to source-code of closed software. This is completely standard and there is nothing nefarious going on here. This only endangers anything US if the US messed up their own review.

    Who writes these demented articles?

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  8. Re: So what? by muffen · · Score: 3, Insightful

    Claiming the Russians got Trump elected is a cover for the clear corruption of the Clintons and the DNC.

    Putin preferred Trump over Clinton. Putin put his machine to work to help get Trump elected. So far, that's fairly agreed upon. The question is if Trump knew or not.

  9. Re:China does the same thing... by Bert64 · · Score: 2

    All of whom have their own agendas, and are under NDA...
    But the source code of these application is not available to the general public, so independent researchers cannot review it.
    If a government is going to review code for their own use, they will review open code too as they don't need to jump through hoops to get it. Having restricted access to source code just gives an advantage to those who have it, to the detriment of everyone else.

    Also there are various illegal leaks of closed source code. Being illegal, no legitimate researchers will touch them, but those with criminal intent have no such problem and will happily review the illegal leaks looking for bugs they can exploit.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!