Thursday, 02 August 2018 10:41

US forces firms to disclose source code reviews by Russia, China


US or foreign technology companies that disclose source code of software used by the American military to governments like Russia and China — which are deemed adversaries — in order to facilitate a sale, will have to inform the US Government about it, according to new legislation.

Reuters said the legislation, part of the defence spending bill, came in the wake of its report last year that a Russian defence agency was allowed to look at the source code of ArcSight, software used by the US military in cyber defence.

The law specifies that any security risks identified by the US Government would have to be mitigated by the company in question or the contract would be terminated.

The Russian review of the ArcSight source code was facilitated by Hewlett Packard Enterprise in order to obtain the certification needed to get orders for Russia's public sector.

ArcSight alerts analysts when computer systems are attacked and is also used in the private sector. It is now owned by British mainframe company Micro Focus, which acquired HPE's software assets in a sale that was completed in 2017.

Microsoft allowed China to inspect the source code of Windows as a prerequisite to craft a product — Windows 10 China Government Edition — that could be sold to the Chinese public sector.

Last year, Symantec chief executive Greg Clark said in an interview that, while his company was willing to sell its products in any country, “that is a different thing than saying, ‘Okay, we’re going to let people crack it open and grind all the way through it and see how it all works’.”

The legislation on source code disclosure was drafted by Democrat Senator Jeanne Shaheen of New Hampshire. It has been passed by Congress and sent to President Donald Trump for his signature.

Shaheen told Reuters in a statement: “This disclosure mandate is the first of its kind, and is necessary to close a critical security gap in our federal acquisition process.

“The Department of Defence and other federal agencies must be aware of foreign source code exposure and other risky business practices that can make our national security systems vulnerable to adversaries.”



Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


