A while back, I blogged on the topic of Sovereignty and National Security. Since then, much has happened, most notably the moves by some governments to require access to source code on the grounds of national security before a foreign product can be imported and used in the country. Others have insisted that products be manufactured locally, or that the intellectual know-how behind a product be transferred as a condition of permitting its procurement. These are variations on the recurring theme of requiring local control to ensure national security and to protect sovereignty against foreign influence.
One cannot deny that there are very real security concerns and threats faced by governments today that need to be addressed more adequately. Even consumers are rightly worried about the security of their data and personal information, especially as more cloud computing services become available.
Some argue that proprietary products are ‘secretive’, and that they rely on the customers’ faith in the vendor that the products operate securely. Others say that it is much easier for attackers to uncover vulnerabilities when they have access to the source code, rather than trying to compromise a “black-box”.
Who is right? Is the disclosure of source code directly correlated with product security? Is there a better way to ensure security without resorting to excluding the use of foreign-manufactured products?