Big Blue lets Chinese government eyeball source code – report

IBM has reportedly granted Beijing controlled looking rights to its proprietary source code to allow government officials to scrutinise the software for spook backdoors. The move comes some 12 years since Microsoft brought in its Government Security Program, to allow nations outside of the US to eyeball its code. According to …

  1. John Smith 19 Gold badge
    Big Brother

    But what will it prove?

    Absence of evidence is not evidence of absence.

    The source code will be MLOC (and probably still be in assembler for mainframes).

    With processor microcode that complex you'd want to scrutinize it from a dump of the mask layouts in the ROM.

    And AFAIK that's not on the table at all.

    Paranoid, moi?

  2. a_yank_lurker Silver badge

    Not enough

    If IBM or MS open sourced all their code then I might believe a review that says it's clean. Not enough time and not enough eyeballs to check.

    1. Paul Crawford Silver badge

      Re: Not enough

      It is a fair point, that with several MLOC and a closed environment for a few dozen folk to review the code, you have very little chance of finding anything.

      If, and that is a hypothetical "if", the TLA have had backdoors planted you can be damn sure they are not so dumb as to have obvious code and matching comments to draw attention to it. Most likely it would be some apparent 'typo' that allows an exploit to be delivered, or it would be some obscure cryptographic flaw (or blind use of closed hardware support) that makes it easy for them and hard for others to exploit.

    2. Doctor Syntax Silver badge

      Re: Not enough

      "Not enough time and not enough eyeballs to check"

      Plus you'd need to build it and check that that's the executable that's being provided to run.

  3. John Tserkezis

    Has IBM forgotten the nation that's checking their code for backdoors, is the same nation that built itself in the first place by copying others' stuff?

    Just sayin'.

    1. Anonymous Coward

      Has IBM forgotten the nation that's checking their code for backdoors, is the same nation that built itself in the first place by copying others' stuff?

      .. which is how the US kickstarted its economy in the first place. Not that you'd believe that if you see how they now go about IP rights protection, but I always have a pot/kettle feeling when I see the US rant at another nation about "respecting rights". Clearly, they lack a sense of irony - or are a tad selectively forgetful about their own history...

  4. K Silver badge

    Just because you've seen some source code..

    Doesn't mean you can trust the compiled code, as it would be incredibly easy to sneak an exploit or backdoor in at compile time. The only way to avoid this is to also have complete control over the whole build process.

    So as usual, another government wasting time and money!

  5. DanielN

    China is not interested in avoiding being hacked. They want to find holes to go hacking with.

    1. Anonymous Coward

      China is not interested in avoiding being hacked. They want to find holes to go hacking with.

      Post Snowden I'd say that that would only balance things out. Neither should, both do.

    2. JosephEngels

      almost certainly correct.

      There is little chance of them finding a back door, as it is unlikely to be in the code delivered for scrutiny.

      Far more likely is they simply want to see how it is built, and/or spot hitherto undiscovered entry points for their own purposes.

  6. Popofla

    Beaten by China Again

    As many have already stated, this type of review would prove nothing. Therefore China is not interested in looking for any backdoors; they only want to understand the code structure and be able to complete their own code replacement system. Like all the rest of western IT, IBM is a fool..

  7. David Beck

    When did the source get closed?

    In the 1960s and early '70s the source for IBM OS/360, DOS/360 and the IBM-supplied utilities including the compilers was available to educational institutions for the cost of the tapes. I did work on the DOS PL/1 G compiler and the OS/360 sort/merge utility while at university.

Biting the hand that feeds IT © 1998–2019