by yardie
3179 days ago
Well, we all are citizens of one country or another. So what exactly does outside code review mean? American code can only be reviewed by American code reviewers? Would you trust Chinese software that was only ever allowed to be reviewed by Chinese auditors?

You should trust a firm to review your code not based on their nationality, but based on a wide set of criteria.
Included in that criteria for me would be whether or not the organization is committed to the work of subverting your software through intelligence operations.
But, that's just an end-around because all countries with markets worth selling in have intelligence agencies which subvert AV and other software for clandestine purposes, so all nation states are excluded.
W.r.t. Chinese auditors, because of their oppressive and authoritarian government, which goes so much further than western governments to control business and speech, and which has a much deeper history of subverting any control structure outside of the Communist Party, I would certainly treat their work as suspect by nature; but if there were a Chinese auditing firm renowned for its quality, privacy and separation from their government, I don't see why I wouldn't consider it.