McAfee ends government source code reviews citing security concerns

McAfee ends government source-code reviews amid reports that the privilege is being mis-used

Anti-virus software maker McAfee has said that it will end the process of allowing foreign governments to review the source code of its products.

A spokesperson for the company confirmed the news to Reuters, stopping a practice that has been increasingly regarded as a security risk.

Many governments around the globe have been placing code-reviewing demands on software companies, ostensibly to ensure that their products don't contain any Western government spy agencies' back doors.

However, the fear is that they could, equally, use their privileged access to the source code to find and exploit their own vulnerabilities.

Moscow, in particular, has upped the pressure on Western technology companies in recent years.

In June, Reuters reported that Russia had upped the ante on source code reviews, with Russian companies carrying out them in secure "clean rooms", where the source code could quickly and easily be copied.

These reviews are mandatory requirements from Russian defence agencies when foreign software is being used within government departments.

McAfee initially ended these reviews in April 2017, after it was spun-out of Intel. But the spokesperson didn't give a specific timeline for when it exactly stopped these reviews or any cases of security issues.

"The new McAfee has defined all its own new processes, reflecting business, competitive and threat landscapes unique to our space," the spokeswoman told Reuters. "This decision is a result of this transition effort."

Other cyber security companies have taken similar actions in recent months amid reports of Russian meddling. In June, Symantec refused to give Russia access to its source code.

And, last year, the company announced a global policy of refusing to hand over its source code to governments, even if it was required to access a new market.

"It poses a risk to the integrity of our products that we are not willing to accept," Symantec spokesperson Kristen Batch told Reuters.