A slew of western tech firms appear to have capitulated to the Russian government’s demands for insights into product security secrets, potentially making them vulnerable to external threats. This includes prominent names like Cisco, IBM and SAP, and come in compliance to Russian government’s demands to allow authorities to review the source code associated with their products.
What is worrying, is that many of these products include consumer centric solutions like firewalls, anti-virus applications and so on. So not only these companies are put under threat, but so are their customers. The government’s logic here, is that foreign spy agencies could have hidden backdoors into their systems and this could harm Russians in turn.
As far fetched as this theory sounds, the number of government requests have increased — as in the government has grown really, really insistent. Not to be denied insistent. However, the other side of the coin is that it will allow Russians to access the depths of these products and thus enable them to find vulnerabilities in the same. And considering the fact that Russia has been linked with many, many cyber attacks in recent times, that is not a very happy thought.
While many firms have affirmed that they are merely complying with the demands of the Russian government in order to maintain their access to the lucrative market, some firms feel that this is taking thing too far and have stopped. Symantec for instance, is one among a number of companies that have stopped its co-operation with the Russian government over source code inspection.
The US government is also taking an interest in the matter however, it doesn’t hold much of a legal sway as long as military matters are involved — which usually aren’t. The companies on the other hand, are saying that they only allow review within secure facilities of their own to prevent any copying. Albeit, the method isn’t exactly what you would all foolproof.
Speaking on the topic, a former senior Commerce Department official told Reuters:
You have to ask yourself what it is they are trying to do, and clearly they are trying to look for information they can use to their advantage to exploit, and that’s obviously a real problem.
Meanwhile, the companies responsibilities have skyrocketed as they must now ensure that any vulnerabilities present in the code must not be exposed to the government representatives. After all, who wants to be the next Yahoo?