Quantcast
Connect with us

Congress passes bill forcing tech companies to disclose foreign software probes

Published

on

Sen. Jeanne Shaheen

The U.S. Congress is sending President Donald Trump legislation that would force technology companies to disclose if they allowed countries like China and Russia to examine the inner workings of software sold to the U.S. military.

The legislation, part of the Pentagon’s spending bill, was drafted after a Reuters investigation last year found software makers allowed a Russian defense agency to hunt for vulnerabilities in software used by some agencies of the U.S. government, including the Pentagon and intelligence services.

The final version of the bill was approved by the Senate in a 87-10 vote on Wednesday after passing the House last week. The spending bill is expected to be signed into law by Trump.

Security experts said allowing Russian authorities to probe the internal workings of software, known as source code, could help Moscow discover vulnerabilities they could exploit to more easily attack U.S. government systems.

The new rules were drafted by Democratic Senator Jeanne Shaheen of New Hampshire.

ADVERTISEMENT

“This disclosure mandate is the first of its kind, and is necessary to close a critical security gap in our federal acquisition process,” Shaheen said in an emailed statement.

“The Department of Defense and other federal agencies must be aware of foreign source code exposure and other risky business practices that can make our national security systems vulnerable to adversaries,” she said.

The law would force U.S. and foreign technology companies to reveal to the Pentagon if they allowed cyber adversaries, like China or Russia, to probe software sold to the U.S. military.

ADVERTISEMENT

Companies would be required to address any security risks posed by the foreign source code reviews to the satisfaction of the Pentagon, or lose the contract.

The legislation also creates a database, searchable by other government agencies, of which software was examined by foreign states that the Pentagon considers a cyber security risk.

It makes the database available to public records requests, an unusual step for a system likely to include proprietary company secrets.

ADVERTISEMENT

Tommy Ross, a senior director for policy at the industry group The Software Alliance, said software companies had concerns that such legislation could force companies to choose between selling to the U.S. and foreign markets.

“We are seeing a worrying trend globally where companies are looking at cyber threats and deciding the best way to mitigate risk is to hunker down and close down to the outside world,” Ross told Reuters last week.

A Pentagon spokeswoman declined to comment on the legislation.

ADVERTISEMENT

In order to sell in the Russian market, technology companies including Hewlett Packard Enterprise Co, SAP SE and McAfee have allowed a Russian defense agency to scour software source code for vulnerabilities, the Reuters investigation found last year.

In many cases, Reuters found that the software companies had not informed U.S. agencies that Russian authorities had been allowed to conduct the source code reviews. In most cases, the U.S. military does not require comparable source code reviews before it buys software, procurement experts have told Reuters. 

The companies had previously said the source code reviews were conducted by the Russians in company-controlled facilities, where the reviewer could not copy or alter the software. The companies said those steps ensured the process did not jeopardize the safety of their products.

ADVERTISEMENT

McAfee announced last year that it no longer allows government source code reviews. Hewlett Packard Enterprise has said none of its current software has gone through the process.

SAP did not respond to requests for comment on the legislation. HPE and McAfee spokespeople declined further comment.

Reporting by Joel Schectman; Additional reporting by Jack Stubbs in Moscow


Report typos and corrections to [email protected].
READ COMMENTS - JOIN THE DISCUSSION
Continue Reading

Breaking Banner

Yale psychiatrist: Trump using racism as a coping mechanism as his mental state rapidly deteriorates

Published

on

On Wednesday, President Donald Trump continued to attack the young congresswomen of color nicknamed "The Squad," after he was criticized for saying the women should go back to their own countries, even though all four are U.S. citizens. Now, he's doubling down.

On Twitter Wednesday he called the women "left-wing cranks." He added that they were free to leave if they don't like America.

Raw Story spoke with Dr. Bandy X. Lee about the President's racist tirades against Alexandria Ocasio-Cortez (D-NY), Ilhan Omar (D-MN), Rashida Tlaib (D-MI) and Ayanna Pressley (D-ILL).

Lee is a forensic psychiatrist and an expert on violence at Yale School of Medicine. She helped launch a public health approach to global violence prevention as a consultant to the World Health Organization and other United Nations bodies since 2002. She is author of the textbook, “Violence: An Interdisciplinary Approach to Causes, Consequences, and Cures,” president of the World Mental Health Coalition, and editor of the New York Times bestseller, “The Dangerous Case of Donald Trump: 37 Psychiatrists and Mental Health Experts Assess a President.”

Continue Reading

Breaking Banner

This word is the single biggest tipoff that Trump is lying

Published

on

President Donald Trump exhibits a verbal tic that gives away some of his biggest whoppers.

The president tells demonstrable lies on a daily basis, but it's a "flashing red light" that he's lying when he recounts someone calling him "sir," according to CNN fact-checker Daniel Dale.

"Trump has told false 'sir' stories on all manner of subjects: health care, the Middle East, the courts, unions and -- just last week -- both tariffs and social media," Dale wrote. "But no genre of Trump story is more reliably sir-heavy than his collection of suspiciously similar tales about macho men breaking into tears of gratitude in his presence."

Continue Reading
 

Facebook

Russia launches criminal case over gay couple’s adoption

Published

on

Russia on Wednesday said it had opened an unprecedented criminal case accusing officials of negligence for allowing a gay couple to adopt two children.

The Investigative Committee, which probes serious cases, said that Moscow social workers were suspected of criminal negligence for allowing the two boys to live in the family since 2010.

This is the first such case ever launched, reported Interfax news agency.

"Nothing like this has happened before," said lawyer Maksim Olenichev of Vykhod (Coming Out) support group based in the northwestern city of Saint Petersburg.

He told AFP he was in talks with the family to represent them legally because "we think we need to defend this family from the actions of the state."

Continue Reading
 
 
 

Copyright © 2019 Raw Story Media, Inc. PO Box 21050, Washington, D.C. 20009 | Masthead | Privacy Policy | For corrections or concerns, please email [email protected]

close-image