It’s impossible to have missed all the talk about Russian hacking over the last year, so you would think the last thing any US tech company would do is to let Russians look for vulnerabilities in security software, but that’s just what some major tech companies that are used by the US government have done.
McAfee, SAP, and Symantec let Russian authorities look through software source code to see if they could find vulnerabilities. This was done, they say, in order to sell to Russian markets. Russia says the reviews are needed in order to make sure the software isn’t open to attacks from hackers.
The companies maintain that the reviews were done under supervision and no recording devices were allowed, not even pencils. That’s all well and good, but giving a skilled programmer access to source code, even for a short time, can compromise the software. One defense analyst noted that they know Russia has people who can spot vulnerabilities by just looking at source code because the US has people who can do that, too.
The list of government agencies using software that was reviewed by Russia is extensive. It includes the FBI, NASA, the Pentagon, and the State Department.