
McAfee says it no longer will permit government source code reviews - uptown
https://www.reuters.com/article/us-usa-cyber-russia-mcafee/mcafee-says-it-no-longer-will-permit-government-source-code-reviews-idUSKBN1CV2MP
======
thomastjeffery
> But security experts and former U.S. officials have said those inspections
> provide Russia with opportunities to find vulnerabilities that could be
> exploited in offensive cyber operations.

That is entirely the point. The fear is that they would hide that
vulnerability.

The idea that anyone, including a Nation-State, would find it advantageous to
find _and hide_ security vulnerabilities is ludicrous.

Hiding a vulnerability is advantageous to _everyone_ who wants to use it, but
disadvantageous to _everyone_ who wants to be secure.

The only way to keep a vulnerability secret is to be absolutely certain that
no one else knows about it. That is simply not even remotely close to
possible.

------
tareqak
Techmeme summary: _Reuters: McAfee says it will no longer let governments
review its source code, citing security concerns, following Symantec earlier
this month_

