You could almost hear the collective sharp intake of breath from government agencies the world over when Reuters reported this week that a veritable multitude of massive US and now UK (in the case of Micro Focus, which owns the Arcsight security platform) security tech outfits are allowing their source code to be reviewed by none other than those pesky Russians. Not just any Russians either, oh no, just ‘representatives’ of a Russian defence agency, presumably not dissimilar to our very own NCSA or GCHQ.
Even though these code reviews are performed in highly controlled and sanitised environments, surely there remains the possibility of the investigators identifying potentially exploitable code fragments for testing back in the USSR (this link for expert scouse lip readers only).
Presumably having spotted a vulnerability, the aforementioned security guys get straight on the big red telephone, TOR, Telegram or WhatsApp, muttering whatever the Russian equivalent of ‘Mwahahaha’ is and set about testing these apps to destruction from a position of knowledge, and knowledge is power.
We already knew that HPE allowed Arcsight to be reviewed by the boys in red some time ago, but it now seems that Symantec and McAfee have done the same.
Now we are all aware that the products of these outfits are used by government agencies the world over, not just the USA. What we probably didn’t realise was that the US government rarely does these code reviews itself. Welcome to The Wonderful Frightening World of nation state security.
We can assume that, at least some of the time, the engineers of these firms Code Selfish, and therefore must assume that luck will not be The Nation’s Saving Grace.
Has the industry set us up for a Fall? Time will tell. As for The Russians, they will probably be partying.
If you would like to discuss these or any other security-related issues with us, it is not too late to sign up to our super exciting security event next week (Wednesday 31st January, Banking Hall, London) where, amongst others, none other than Mr Ron Moultrie, former Operations Director of the National Security Agency, will be talking and will no doubt be prepared to give us his very valuable opinion on the subject. Please do sign up for it HERE.
See you there.
RIP Mark.E.Smith 1957-2018.
RIP Mark E. Smith! JB. As always, well written!