McAfee will no longer allow governments to review its source code. Russian defence agencies have been reviewing the code for some time, in order to certify that the software is safe. But fearing that any vulnerabilities found could be kept secret and then weaponised by intelligence agencies, the company is stopping the practice.
According to a Reuters report, the practice stopped earlier this year, when McAfee was spun off from Intel. And while there was no evidence that agencies had exploited the software, the company was concerned.
It’s an interesting contrast with Kaspersky, which will be allowing its source code to be reviewed following accusations that its code was compromised.
With the online world becoming increasingly challenging to navigate, we place a huge amount of trust in security vendors, giving them loads of access to our systems. The only thing we have to go on when it comes to reputation is history, and McAfee’s decision poses an interesting question.
If Russian agencies were reviewing the code, could they have found and exploited a zero-day none of us know about? Does the decision to stop the reviews make you feel better, or does the revelation of the code reviews worry you?
Let us know what you think.