Symantec CEO claims government source code reviews pose ‘unacceptable risk’ to security software
Symantec has become the latest software company to ban governments from examining its source code.
The move comes amid an increasingly strained relationship between governments and security firms, exemplified by the ongoing dispute between Russian security firm Kaspersky and the USA.
CEO Eugene Kaspersky offered in July to give American authorities access to the source code in an attempt to dispel rumours about ties to the Russian government.
But Symantec’s CEO Greg Clark has made clear in an interview with Reuters that he views such governmental source code reviews as an unacceptable risk. He fears the agreements would compromise the security of Symantec’s products.
At the moment, many (mostly American) tech firms are under pressure from countries such as Russia and China to open up their source code for examination, in exchange for approval to sell those products in those countries.
Clark told Reuters that while Symantec once allowed the reviews, he now sees the security threats as too great.
Symantec has concluded the risk of losing customer confidence by allowing reviews was not worth the business the company could win, he reportedly said.
Clark said Symantec was still willing to sell its products in any country. But, he added, “that is a different thing than saying, ‘Okay, we’re going to let people crack it open and grind all the way through it and see how it all works’.”
“These are secrets, or things necessary to defend (software),” Clark said of source code. “It’s best kept that way.”
But Clark admitted that Symantec’s small market share in Russia made this an easier decision than for competitors heavily invested in the country.
“We’re in a great place that says, ‘You know what, we don’t see a lot of product over there’,” Clark reportedly said. “We don’t have to say yes.”
There has been growing concern over government reviews of tech source code.
It comes after Hewlett Packard Enterprise reportedly allowed a Russian defence agency to review the inner workings of cyber defence software known as ArcSight. ArcSight is used by the Pentagon to guard its computer networks, but ArcSight has now been sold to Micro Focus International.
The British firm has said this week that it will no longer allow reviews of its products’ source code by “high risk” governments. And it should be noted that China has also this year brought in a cyber security law that has placed strict data surveillance and storage requirements on these firms.
Symantec’s Clark meanwhile has said that his firm has not received any requests to review source code from the Chinese government, but indicated he would not comply if Beijing made such a demand.
“We just have taken a policy decision to say, ‘Any foreign government that wants to read our source code, the answer is no’,” Clark said.