
posted by Fnord666 on Wednesday October 04 2017, @09:48PM
from the more-eyes-the-better? dept.

Arthur T Knackerbracket has found the following story:

Hewlett Packard Enterprise allowed a Russian defense agency to review the inner workings of cyber defense software used by the Pentagon to guard its computer networks, according to Russian regulatory records and interviews with people with direct knowledge of the issue.

The HPE system, called ArcSight, serves as a cybersecurity nerve center for much of the U.S. military, alerting analysts when it detects that computer systems may have come under attack. ArcSight is also widely used in the private sector.

The Russian review of ArcSight's source code, the closely guarded internal instructions of the software, was part of HPE's effort to win the certification required to sell the product to Russia's public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman.

Six former U.S. intelligence officials, as well as former ArcSight employees and independent security experts, said the source code review could help Moscow discover weaknesses in the software, potentially helping attackers to blind the U.S. military to a cyber attack.

"It's a huge security vulnerability," said Greg Martin, a former security architect for ArcSight. "You are definitely giving inner access and potential exploits to an adversary."

Despite the potential risks to the Pentagon, no one Reuters spoke with was aware of any hacks or cyber espionage that were made possible by the review process.

[...] The HPE spokeswoman said Reuters' questions about the potential vulnerabilities were "hypothetical and speculative in nature."

HPE declined to say whether it told the Pentagon of the Russian review, but said the company "always ensures our clients are kept informed of any developments that may affect them."

-- submitted from IRC


  • (Score: 2, Interesting) by rylyeh on Thursday October 05 2017, @12:02AM (2 children)

    by rylyeh (6726) <{kadath} {at} {gmail.com}> on Thursday October 05 2017, @12:02AM (#577238)
    Seems like YAE of the benefits of Open Source!!!
    --
    "a vast crenulate shell wherein rode the grey and awful form of primal Nodens, Lord of the Great Abyss."
  • (Score: 3, Interesting) by NotSanguine on Thursday October 05 2017, @12:05AM (1 child)

    by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Thursday October 05 2017, @12:05AM (#577240) Homepage Journal

    I don't have an issue with that idea at all.

    However, OSSIM (an open-source competitor) has some significant shortcomings compared with its commercial competitors. Well, except that it's open source, which makes up for quite a bit, IMHO.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    • (Score: 2, Interesting) by rylyeh on Thursday October 05 2017, @12:10AM

      by rylyeh (6726) <{kadath} {at} {gmail.com}> on Thursday October 05 2017, @12:10AM (#577242)

      It does make sense to spend public money on software that benefits the people.

      --
      "a vast crenulate shell wherein rode the grey and awful form of primal Nodens, Lord of the Great Abyss."