U.S.-based cyber firm Symantec will no longer allow governments to review the source code of its software due to fear that they will compromise the security of a number of their products, according to Symantec Chief Executive Greg Clark in an interview with Reuters.
“These are secrets, or things necessary to defend (software),” Clark said of source code. “It’s best kept that way.”
Because Symantec’s market share is still small in countries like Russia, the decision was easier than for other competitors who are heavily invested in such countries. “We’re in a great place that says, ‘You know what, we don’t see a lot of product over there’,” Clark said. “We don’t have to say yes.”
Symantec’s decision has been praised by some western cyber security experts, who said the company has set a rising trend that has proven to be a model for other companies to follow when it comes to choosing not to give source code out to governments.
“They took a stand and they put security over sales,” said Frank Cilluffo, director of the Center for Cyber and Homeland Security at George Washington University and a former senior homeland security official to former President George W. Bush.
Cilluffo sees source code as something that can easily be taken to seize control, but is proud to see that Symantec took the stand. “Obviously source code could be used in ways that are inimical to our national interest,” Cilluffo said. “They took a principled stand, and that’s the right decision and a courageous one.”
Reuters also reported last week that that Hewlett Packard Enterprise (HPE) allowed a Russian defense agency to review the inner workings of cyber defense software known as ArcSight that is used by the Pentagon to guard its computer networks.
HPE said such reviews have taken place for years and are conducted by a Russian government-accredited testing company at one of their research and development centers outside of the country.
The software maker said it closely supervises the process and that no code is allowed to leave any of the centers, ensuring that it will not compromise the safety of their products.
A spokeswoman for the company said no current HPE products have undergone Russian source code reviews.
But what security should one have for their expanding business? With hacking and government spying a sad reality in today’s digital world, is your business covered?
Business Insurance can provide the coverage you need that can keep you and your assets protected, while also aligning with your company’s goals.