SAP, Symantec and McAfee have reportedly allowed Russian authorities study, understand and review the software used by the US government.
According to a report by Reuters, the practice potentially jeopardizes the security of computer networks in at least a dozen federal agencies, US lawmakers and security experts said. It involves more companies and a broader swath of the government than previously reported.
In order to sell in the Russian market, the tech companies let a Russian defence agency scour the inner workings, or source code, of some of their products. Russian authorities say the reviews are necessary to detect flaws that could be exploited by hackers.
But those same products protect some of the most sensitive areas of the US government, including the Pentagon, NASA, the State Department, the FBI and the intelligence community, against hacking by sophisticated cyber adversaries like Russia.
The security firms said that any source code reviews were conducted under the software maker’s supervision in secure facilities where the code could not be removed or altered. The process does not compromise product security, they said. Amid growing concerns over the process, Symantec and McAfee no longer allow such reviews and Micro Focus moved to sharply restrict them late last year.
