McAfee Says It No Longer Will Permit Government Source Code Reviews

Advertisement
By Reuters | Updated: 27 October 2017 13:26 IST

US-based cyber firm McAfee said it will no longer permit foreign governments to scrutinise the source code of its products, halting a practice some security experts have warned could be leveraged by nation-states to carry out cyber-attacks.

Reuters reported in June that McAfee was among several Western technology companies that had acceded in recent years to greater demands by Moscow for access to source code, the instructions that control basic operations of computer equipment.

Advertisement

The reviews, conducted in secure facilities known as "clean rooms" by Russian companies with expertise in technology testing, are required by Russian defense agencies for the stated purpose of ensuring no hidden "backdoors" exist in foreign-made software.

But security experts and former US officials have said those inspections provide Russia with opportunities to find vulnerabilities that could be exploited in offensive cyber operations.

Advertisement

McAfee ended the reviews earlier this year after spinning off from Intel in April as an independent company, a McAfee spokeswoman said in an email to Reuters last week.

The company declined to give a precise timeline for when it stopped allowing such reviews.

Advertisement

"The new McAfee has defined all its own new processes, reflecting business, competitive and threat landscapes unique to our space," the spokeswoman said. "This decision is a result of this transition effort."

She added that there had been no evidence of a security issue related to the reviews.

Advertisement

McAfee's decision follows a similar move by competitor Symantec, which in early 2016 adopted a global policy of refusing to comply with any government-mandated source code reviews required to win entry to a market.

Symantec Chief Executive Greg Clark told Reuters earlier this month the decision resulted from fears the agreements would compromise the security of its products.

Reuters reported this month that Hewlett Packard Enterprise allowed one such testing company, Echelon, to review on behalf of a Russian defense agency the source code of cyber defense software known as ArcSight, which is used by the Pentagon to guard its computer networks.

That arrangement has prompted questions from lawmakers in Washington amid broader concerns about Russia's use of digital means to sow discord and interference in elections in the United States and other Western countries, allegations the Kremlin has repeatedly denied.

In a letter last week to Defense Secretary James Mattis, Democratic Senator Jeanne Shaheen asked how the Pentagon manages risks when using software that has been scrutinized by foreign governments.

HPE has said in the past that such reviews have taken place for years at a research and development center it operates outside of Russia.

The software maker has also said it closely supervised the process and that no code was allowed to leave the premises, ensuring it did not compromise the safety of its products. A company spokeswoman said earlier this month that no current HPE products have undergone Russian source code reviews.

ArcSight was sold to British tech company Micro Focus International Plc in a deal completed in September.

Micro Focus said this month that while source code reviews were a common industry practice, it would restrict future reviews by "high-risk" governments and subject them to chief executive approval.

McAfee also allowed Echelon to review its software source code, Reuters reported in June. Such tests were conducted in a secure environment at a McAfee facility in the United States where the source code could not be copied, a spokeswoman said.

The company spokeswoman said the new policy would prohibit third-party entities, including Echelon, from doing reviews on behalf of governments.

© Thomson Reuters 2017

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: McAfee, Internet, Backdoor, Intel
Advertisement

Related Stories

Popular Mobile Brands
  1. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot
  2. Meta Introduces New Parental Alerts for Teen Suicide and Self-Harm Conversations
  1. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  2. Google Pixel 11a Codename Reportedly Spotted in Phone App
  3. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  5. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  6. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  7. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  8. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  9. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
  10. Asus Pad India Launch Date Announced as Company Reveals Key Specifications
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.