well, why not ...
as long as the source code is examined and then either escrowed or destroyed, and as long as the governments in question give unlimited liability guarantees against all consequential losses for all time, what's the harm? ;-)
Russia has asked SAP and Apple to hand over their products' source code so it can be tested for spyware. The nation's Ministry of Communications and Mass Media announced the request on Wednesday. The shrinkwrapped statement sees Communications minister Nikolai Nikiforov citing the revelations from rogue NSA contractor Edward …
And any remote vulnerabilities that the FSB discover against Apples and SAP's servers as a result of the code exam will remain unexploited I'm sure.
Still what's good for the goose......
Will be interesting to see the fall out from this over the long term - who will win between the spook owned politicians in the US and those owned by the corporates who are increasingly suffering as the NSA's pigeons come home to roost.
Didn't make a word of random insertion sense that part about foreign minsiter edward snowdon was total cotoneaster blooming in my garden nonsense another example of sloppy copy cut paste delete backspace passing the editorial aye aye captain quality journalism and editorial oversight is dead at take the register arnold here brampton here cuthbert here peanuts and monkeys I suspect
They can always build it themselves (using their own compilers) and distribute their own binaries. Making sure licenses are paid for, of course.
But they'll have to go through that whole process every time Apple releases a patch or an upgrade.
Come to think of it: in principle they should go through the whole source review process every time Apple releases a patch or upgrade anyway.
This is an "if you have nothing to hide, you have nothing to fear" approach.
Although I am a bit unsympathetic to proprietary software, and not wanting to defend apple or sap in particular, the real problem is that one is asked to prove a negative. That leads to guilty unless proven innocent. Or, in other words, a pretext to (seemingly) random enforcement of whatever the ruling class feels like. Bad times are looming.
Nah Twas' always so..
I remember Sinclair Spectrums being pulled for sale in Heathrow Duty Free, just in case those pesky Russkies bought one and built a better bomb with one..
On the other hand around this time I do know of a company director who took 286\386 chips into the USSR in his luggage and swapped them for some very high-tech imaging kit that we no longer made in the UK but the Russians did..
Considering the nature of the work his company did for the MoD if MI6 didn't tip him the nod to do it I would be very surprised..
Since Microsoft cannot find it's own vulnerabilities (or I would not have to reboot my machine virtually every Tuesday) , why does the Russian state think it will have anymore luck?
That is unless any deliberate security changes have comments around them like
/* Backdoor added by NSA. Ssssh don't tell anyone */
These are probably the two companies least likely to share their source code for a fishing expedition.
I mean, sharing your source code with the country that's home to more hackers per capita than probably any other, and has a corrupt government where officials are easy to bribe...what could possibly go wrong?
Apple at least isn't very successful in Russia anyway, so they have little to lose by ignoring this request. Not sure how much business SAP does there.
There is ample reasoning behind doing this. More than just a little suspicion - so for Authorities not to view the source code at each version release would be irresponsible.
Governments and select organisations (such as Electronic Frontier Foundation) should have access to source code to verify that it does not infringe on privacy and security. Governments are responsible for security and for protecting their citizens rights after-all.
For Government departments, Emergency Services, Defence, and strategic industries they should be able to both validate the source code then recompile it themselves to create images for deployment.
If a company does not provide access to source software, firmware or other code they should be prohibited from being used in critical areas and be either banned or have a large tax levied against the products (and related services) as both a disincentive and also as a contribution towards the funding of proper and more responsible alternatives.
Governments and select organisations (such as Electronic Frontier Foundation) should have access to source code to verify that it does not infringe on privacy and security. Governments are responsible for security and for protecting their citizens after-all.
For Governments and strategic industries they should be able to both validate the source code then recompile it themselves to create images for deployment to critical services.
If a company does not provide access to software, firmware or other code they should be prohibited from being used in critical areas and have a large tax levied against the products (and related services) as both a disincentive and also as a contribution towards the funding of proper and more responsible alternatives
Given some of the interesting ... "diagnostics" ... aids that have recently been found in iOS, I think the only involvement of Snowden was to lower our level of trust enough that we'd start to see that which was hidden all along. This, they brought upon themselves.
Biting the hand that feeds IT © 1998–2019