Supply chain risk
Dr Jacobson's testimony is interesting at ~46min. That and other references to supply chain threats is really where the opposition to Kaspersky comes from. It almost doesn't matter whether there is any specific evidence of actual harm - the key driver is the assessment of risk (to the US) associated with the presence of Kaspersky products on the government systems.
If for example McAfee was in the pocket of the NSA and eagerly shipping everything it found to hidden servers buried deep below Fort Meade, then it doesn't matter in this assessment because McAfee does not get assessed as a risk.
It will be helpful to those who want to elevate the perceived risk of Kaspersky (for whatever reason, relevant or not, political or not) that the NSA malware exposure may have involved Kaspersky, whether incidental, deliberate or otherwise i.e. guilt by association allows an increased perception of risk.
Biting the hand that feeds IT
