posted by martyb on Monday August 06 2018, @05:42PM   Printer-friendly
from the we-want-to-look-at-who-is-looking-at-you dept.

Submitted via IRC for BoyceMagooglyMonkey

The U.S. government is stepping up its sensitivity to foreign governments insisting on reviews of software companies' source code.

The section of the bill that passed the Senate with an 87-10 vote stipulates that the Department of Defense cannot use any software product in a range of its systems unless the manufacturer fully discloses the software reviews by foreign governments that it has previously allowed or is under obligation to allow in the future. The language of the order is typically convoluted, and it does not include all foreign governments, only governments that are placed on a forthcoming list of cyber threats that is due within 180 days after the bill is signed. The president still has to sign off on the legislation, something he's expected to do, but you never know with this guy.

It appears that the section was prompted by a Reuters investigation from last year that found Hewlett Packard Enterprise permitted a company to review its source code for a piece of cyber defense technology on the behalf of the Russian government. The software is also used by the Pentagon. A subsequent report found that SAP, Symantec, and McAfee had also given the Russian government permission to dig through their code for software that's also used by the DOD.

Source: https://gizmodo.com/congress-votes-to-force-software-makers-to-reveal-if-th-1828064013

  • (Score: 3, Insightful) by Anonymous Coward on Monday August 06 2018, @06:11PM (4 children)

    by Anonymous Coward on Monday August 06 2018, @06:11PM (#717932)

    My question would be - how does this play into open-source software? Foreign governments can obviously review those products. Did they just make it impossible to use anything with source available in DoD projects?
  • (Score: 0) by Anonymous Coward on Monday August 06 2018, @06:21PM

    by Anonymous Coward on Monday August 06 2018, @06:21PM (#717936)

    Well it only seems to require disclosure. Does it say anything about how the disclosed results should impact any decision making?

  • (Score: -1, Troll) by Anonymous Coward on Monday August 06 2018, @08:50PM

    by Anonymous Coward on Monday August 06 2018, @08:50PM (#717979)

    Only incels write software that lets communists read its source code. When the source code is published for anybody to review, it excludes women, because incels hate women and can't get laid!

    Incel GNU software is a conspiracy to prevent women from learning programming by making the source code freely available!

  • (Score: 5, Insightful) by RS3 on Monday August 06 2018, @09:25PM (1 child)

    by RS3 (6367) on Monday August 06 2018, @09:25PM (#717988)

    This is pure speculation, but I imagine DoD worries it could be running buggy code where foreign govt. knows about the bugs, but DoD and supplier haven't noticed yet. So foreign govt. could exploit the bugs, and DoD are none the wiser.

    Open source is a different animal. There could be bugs not yet caught by DoD or contractor, but foreign govt. has found and will exploit. However, being open source, many many people are reviewing and testing code, so there are likely fewer bugs, and quicker patching.

    • (Score: -1, Troll) by Anonymous Coward on Tuesday August 07 2018, @08:27AM

      by Anonymous Coward on Tuesday August 07 2018, @08:27AM (#718158)

      However, being open source, many many people are reviewing and testing code, so there are likely fewer bugs, and quicker patching.

      Hilarious. Many "user experience" bugs might be spotted but from history there were plenty of security vulnerabilities and exploits in OSS that were not spotted for quite a long while. Example:

      https://www.theregister.co.uk/2016/10/13/sshowdown_botnet/
      https://www.helpnetsecurity.com/2018/06/15/cve-2018-12020-digital-signature-spoofing/

      Most people won't notice a security bug even if a dialog box popped up and told them there was one.