by rmchugh 3186 days ago
"The U.S. military agency itself did not require a source code review before purchasing ArcSight and generally does not place such requirements on tech companies for off-the-shelf software like ArcSight, the Pentagon spokeswoman said. Instead, DISA evaluates the security standards used by the vendors, she said."

So the Russian government has higher security standards than the US?

2 comments

I don't know if that's really true. DoD gets the Windows source code for example.
So does Russia.
I don't see how that's relevant.

Tools exist to audit anything on the Windows CLR. So, from a security standpoint, they have everything they need and can request the source code if any red flags show up.

Sure, the source code is great if you want to maintain code. But, for a security audit it's often more deceptive than useful.

Does that surprise you?