Is source code inspection a security risk? Maybe not, experts say

December 11, 2017

Moscow’s recent demand to inspect the source code of American software vendors supplying the Russian government does not pose the severe security threat some are making it out to be, experts say, emphasizing that while sharing source code with a nation-state adversary does make it easier for an attacker to find security flaws, source code is far from the “keys to the kingdom” for bug hunters.

At a time of heightened cyberespionage between the US and Russia, Moscow’s worries about possible backdoors in American software seem like legitimate concerns that justify a request for source code review, experts suggested.

Read More on CSO Online