China wants source code

According to the Yomiuri Shimbun, the Chinese government plans to request access to the source code of electronic equipment. The official rationale is to validate that a device is immune to Internet viruses, in order to fight such malware. Without this approval, foreign companies would be banned from importing devices into China. The Japanese newspaper does not disclose what happens if the examiners find weaknesses. Will they return the information to the manufacturer so that it can deal with them? Will they keep it secret?…

Of course, most people equate this process with economic intelligence. The Chinese government provides no guarantee that the source code would not leak. It is far easier than reverse engineering. It would also be an interesting method to find ways to crack installed devices. They would simply not disclose the exploit (which is smarter than asking for back doors). This type of exploit could be used both on the domestic market (to spy on Chinese citizens) and in foreign countries (if the exploit is applicable to other releases). This would also ease the production of counterfeit critical devices (see the FBI warning against counterfeit Cisco routers).

The announced rationale makes no sense. Every security specialist knows that it is impossible to analyze a complete source code base and find all its security vulnerabilities. If we knew how to do it, we would have more secure products in the field. Hardening even a small piece of software is already a complex task, let alone a complete application.

It is more likely that judging the Chinese government on mere intent is legitimate. I doubt that many companies would accept.
