122 Views

McAfee says it no longer will permit government source code reviews

© Reuters. Computer security software is shown for sale at a computer store in San Marcos© Reuters. Computer security software is shown for sale at a computer store in San Marcos

By Dustin Volz and Joel Schectman

WASHINGTON (Reuters) – U.S.-based cyber firm McAfee said it will no longer permit foreign governments to scrutinize the source code of its products, halting a practice some security experts have warned could be leveraged by nation-states to carry out cyber attacks.

Reuters reported in June that McAfee was among several Western technology companies that had acceded in recent years to greater demands by Moscow for access to source code, the instructions that control basic operations of computer equipment.

The reviews, conducted in secure facilities known as “clean rooms” by Russian companies with expertise in technology testing, are required by Russian defense agencies for the stated purpose of ensuring no hidden “backdoors” exist in foreign-made software.

But security experts and former U.S. officials have said those inspections provide Russia with opportunities to find vulnerabilities that could be exploited in offensive cyber operations.

McAfee ended the reviews earlier this year after spinning off from Intel (NASDAQ:INTC) in April as an independent company, a McAfee spokeswoman said in an email to Reuters last week.

The company declined to give a precise timeline for when it stopped allowing such reviews.

“The new McAfee has defined all its own new processes, reflecting business, competitive and threat landscapes unique to our space,” the spokeswoman said. “This decision is a result of this transition effort.”

She added that there had been no evidence of a security issue related to the reviews.

McAfee’s decision follows a similar move by competitor Symantec (O:SYMC), which in early 2016 adopted a global policy of refusing to comply with any government-mandated source code reviews required to win entry to a market.

Symantec Chief Executive Greg Clark told Reuters earlier this month the decision resulted from fears the agreements would compromise the security of its products.

Reuters reported this month that Hewlett Packard Enterprise allowed one such testing company, Echelon, to review on behalf of a Russian defense agency the source code of cyber defense software known as ArcSight, which is used by the Pentagon to guard its computer networks.

That arrangement has prompted questions from lawmakers in Washington amid broader concerns about Russia’s use of digital means to sow discord and interference in elections in the United States and other Western countries, allegations the Kremlin has repeatedly denied.

In a letter last week to Defense Secretary James Mattis, Democratic Senator Jeanne Shaheen asked how the Pentagon manages risks when using software that has been scrutinized by foreign governments.

HPE has said in the past that such reviews have taken place for years at a research and development center it operates outside of Russia.

The software maker has also said it closely supervised the process and that no code was allowed to leave the premises, ensuring it did not compromise the safety of its products. A company spokeswoman said earlier this month that no current HPE products have undergone Russian source code reviews.

ArcSight was sold to British tech company Micro Focus International Plc (L:MCRO) in a deal completed in September.

Micro Focus said this month that while source code reviews were a common industry practice, it would restrict future reviews by “high-risk” governments and subject them to chief executive approval.

McAfee also allowed Echelon to review its software source code, Reuters reported in June. Such tests were conducted in a secure environment at a McAfee facility in the United States where the source code could not be copied, a spokeswoman said.

The company spokeswoman said the new policy would prohibit third-party entities, including Echelon, from doing reviews on behalf of governments.

sponsoredArticle = ‘div-gpt-ad-1466339494851-0’;

You may be interested

Princeton graduates’ crypto-currency wins backing of big U.S. investors
Cryptocurrency News
194 views
Cryptocurrency News
194 views

Princeton graduates’ crypto-currency wins backing of big U.S. investors

editor - October 27, 2017

© Reuters. Princeton graduates' crypto-currency wins backing of big U.S. investors By Gertrude Chavez-Dreyfuss NEW YORK (Reuters) - U.S. investors…

No end in sight for tech giant share gains
Technology News
178 views
Technology News
178 views

No end in sight for tech giant share gains

editor - October 27, 2017

© Reuters. Amazon logo is pictured in Mexico City By Sweta Singh and Nivedita Bhattacharjee (Reuters) - How much bigger…

Exxon Mobil Q3 Earnings Beat Analyst Expectations
Stock Market News
187 views
Stock Market News
187 views

Exxon Mobil Q3 Earnings Beat Analyst Expectations

editor - October 27, 2017

© Reuters. Exxon Mobil Q3 earnings beat analyst expectations. Investing.com - Exxon (NYSE:XOM) Mobil’s financial results came in higher than…