
Global tech firms let Russian defense agency peek into source code to search for flaws

A handful of tech companies have given a Russian defense agency the opportunity to examine the source code of their software, which is used by U.S. government agencies, to uncover vulnerabilities that the Russians say they fear could be exploited by bad actors.

McAfee, Symantec, Micro Focus and SAP all have submitted to the practice, sparking concern at the Pentagon and among lawmakers, according to a Reuters review of both U.S. defense contracts and Russian regulatory requirements. 

To do business with Russia, U.S. tech companies often must obtain certification from the country's Federal Service for Technical and Export Control (FSTEC), the FSB (the Russian intelligence agency) and other agencies.

“I fear that access to our security infrastructure - whether it be overt or covert - by adversaries may have already opened the door to harmful security vulnerabilities,” Sen. Jeanne Shaheen, D-N.H., said, according to Reuters.

The software is used not only by the Pentagon, the report said, but also at NASA, the State Department, the FBI and within the intelligence community, where it's used to fend off attacks by nation-states such as Russia.

"Even letting people look at source code for a minute is incredibly dangerous," Reuters quoted Steve Quane, executive vice president for network defense at Trend Micro, as saying.  
