CNET también está disponible en español.

Ir a español

Don't show this again

Security

SAP, McAfee, Symantec reportedly let Russia review their code

The security software makers let Russia search for flaws in their products, according to Reuters. That's a concern for US agencies that use the software.

security-privacy-hackers-locks-key-6724
James Martin/CNET

Russia was allowed to dig for vulnerabilities in software used by the US government, according to Reuters. 

SAP, Symantec and McAfee, which all sell business and security software to clients around the world, gave Russian authorities the go-ahead to review their code, Reuters reported Thursday. That's a concern because US government agencies also use the software, US lawmakers and security experts told Reuters, and Russian knowledge of any vulnerabilities presents a security risk.

In order for the companies to operate in Russia, they had to allow local authorities to look at the code, Reuters said. The news service didn't find any instances where knowledge of the source code played a role in a cyberattack. 

The revelation comes amid concerns about Russia's potential influence over the 2016 US presidential election and the overall worry that we're all vulnerable to cyberattacks. 

Symantec, however, denied that any Russian agency or entity looked at its source code, and noted that the company has revised and updated the software numerous times since  the government review.

"We have no reason to believe that prior reviews impacted the security of our products," the company said in an e-mailed statement. 

SAP says it provides "clean rooms" where government customers can test the code, but can't bring recording devices. 

"Certain SAP governmental customers use security reviews as part of their effort to protect their data and environments by testing for software security flaws," the company said. "To enable such customers to conduct reviews, SAP maintains a Government Security Program, which allows testing SAP solutions against specific government requirements and handles national law enforcement authorities.  

McAfee wasn't available for comment. 

Updated at 2:01 p.m. PT: To include comments from SAP and Symantec.