Safety and Security

McAfee Won’t Let Foreign Governments Review Their Code

McAfee, the security software company, is no longer allowing foreign governments to look over the source code of its products, stopping a practice that security experts have cautioned could enable nations to conduct cyberattacks.

According to news from Reuters, a company spokeswoman told the news service that it stopped permitting the government reviews earlier in 2017, after McAfee spun off from Intel in April and became a standalone company, although an exact date was not provided.

“The new McAfee has defined all its own new processes, reflecting business, competitive and threat landscapes unique to our space,” the spokeswoman said. “This decision is a result of this transition effort.” She noted there hasn’t been any evidence of security issues due to the source code reviews.

In early 2016, competing security software company Symantec took the same step, adopting a global policy in which it refuses to show governments its source code as a requirement to enter the marketplace. Earlier in October, Symantec’s Chief Executive Greg Clark told Reuters the decision not to share the source code stemmed from concerns that its security products would be compromised as a result.

Tech companies around the world have been under intense pressure from the Russian government to hand over access to their source codes, in return for approval to sell goods in the country. Symantec once allowed for said reviews, but Clark told Reuters the firm now believes that such inspections open up the firm to increased security threats, and that the risk of losing customer confidence was not worth the potential Russian sales the reviews could net.

Clark noted that Symantec will still sell their goods in any country that wants them. “That is a different thing than saying, ‘Okay, we’re going to let people crack it open and grind all the way through it and see how it all works,” Clark said of source code at the time. “These are secrets, or things necessary to defend (software). It’s best kept that way.”



The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.