Should we allow foreign governments to do security audits of sensitive source code? – AEI – American Enterprise Institute: Freedom, Opportunity, Enterprise

When you buy software, how do you know if it is secure? If you are a normal user, you have only the past track record and published reports to go on. But if you are a government or other very large customer, you can do a bit better. You can demand that the vendor show you their source code before buying. (Source code is like the blueprints for a computer program; it is the set of directions used to produce a runnable piece of software.)
Via Twenty20
It was recently reported that HP Enterprise allowed a Russian government contractor to do such an audit on Arcsight, a tool for large-scale data analysis, for instance for intrusion detection. This review caused some concern, since the US government also relies on Arcsight. Is our security endangered by this review? What should we do about it? “Code review” is an ambiguous term, and there is

Continue Reading....

Check Also

The New New Europe – AEI – American Enterprise Institute: Freedom, Opportunity, Enterprise

Facebook Twitter Google+ Pinterest LinkedIn Digg Del StumbleUpon E-mail Reddit Buffer Love ThisWhen the four …

Leave a Reply

Send this to a friend