McAfee says it won't allow government review of its source code

null

US security firm McAfee has announced that it will no longer allow governments to review its source code as this process could be used to discover exploits that could end up being used to launch cyber attacks. 

In recent years, the Russian government has begun to place greater demands on foreign technology companies operating within the country and has even gone so far as to require they submit their source code for review.    

The reviews themselves are conducted by Russian companies in secure facilities often referred to as “clean rooms” where foreign-made software is examined to ensure that there are no back doors that could be used by the company itself or other third parties.  While companies that wish to do business in the country will go through with this ordeal, security experts and US officials have warned that these inspections provide Russia with ample opportunities to discover vulnerabilities which they could later exploit. 

After leaving Intel and being spun off as its own independent company in April, McAfee ended the reviews and a spokeswomen for the company cited this transition as one of the reasons behind its decision to no longer subject its software to scrutiny from the Russian government, saying: 

“The new McAfee has defined all its own new processes, reflecting business, competitive and threat landscapes unique to our space.  This decision is a result of this transition effort.” 

One of the company's competitors, Symantec also adopted a similar policy at the beginning of 2016 when it adopted a global policy against complying with any government-mandated source code reviews. 

Image Credit: Tookapic / Pexels