Is source code inspection a security risk? Maybe not, experts say

Moscow’s recent demand to inspect the source code of American software vendors supplying the Russian government does not pose the severe security threat some are making it out to be, experts say, emphasizing that while sharing source code with a nation-state adversary does make it easier for an attacker to find security flaws, source code is far from the “keys to the kingdom” for bug hunters.

At a time of heightened cyberespionage between the US and Russia, Moscow’s worries about possible backdoors in American software seem like legitimate concerns that justify a request for source code review, experts suggested.

Read more: Is source code inspection a security risk? Maybe not, experts say

Story added 11. December 2017, content source with full text you can find at link above.