Bill: Tech Firms Must Disclose US Adversaries' Software Reviews


A new bill would require U.S. tech companies to disclose if they allowed American adversaries to examine software sold to the U.S. military.

The bill, approved by the Senate Armed Services Committee, comes after Reuters discovered that tech companies including Hewlett Packard, SAP and McAfee have allowed a Russian defense agency to look over software source code for vulnerabilities. In many cases, the companies never informed U.S. agencies that the reviews had been conducted.

In addition, some of the reviewed software was already deeply embedded in some of the most sensitive parts of the U.S. government, including the Pentagon, the Federal Bureau of Investigation and intelligence agencies.

Although both companies said the reviews were carried out in controlled facilities, security experts have warned that the move could help Russia attack key systems that protect the United States.

The new source code disclosure rules were included in the Senate version of the National Defense Authorization Act, the Pentagon’s spending bill, according to staffers of Democratic Senator Jeanne Shaheen.

The bill still needs to be voted on by the full Senate and merged with the House version before it can be signed into law by President Donald Trump.

The legislation would require companies that conduct business with the U.S. military to disclose any source code review of the software done by adversaries. If the Pentagon decides that a source code review would be a risk, military officials and the software company would need to agree on how to handle the threat, such as limiting the software’s use to non-classified settings.

The details of the foreign source code reviews, and the steps that were agreed upon to reduce the risks, would be stored in a database accessible to military officials. For most software, the military notification will only apply to countries seen as a cybersecurity threat, such as Russia and China.



New forms of alternative credit and point-of-sale (POS) lending options like ‘buy now, pay later’ (BNPL) leverage the growing influence of payments choice on customer loyalty. Nearly 60 percent of consumers say such digital options now influence where and how they shop—especially touchless payments and robust, well-crafted ecommerce checkouts—so, merchants have a clear mandate: understand what has changed and adjust accordingly. Join PYMNTS CEO Karen Webster together with PayPal’s Greg Lisiewski, BigCommerce’s Mark Rosales, and Adore Me’s Camille Kress as they spotlight key findings from the new PYMNTS-PayPal study, “How We Shop” and map out faster, better pathways to a stronger recovery.