by criley2 3179 days ago
Symantec: "No, our code is audited professionally by the most reputable international firms along international standards of quality. You can review our audit reports and engage with the international body responsible for regulating audits to raise any concerns"

Foreign Gov. Customer: "But what I really want is for my tech spooks to scan pre-selected high value modules for already known and suspected zero day exploits for our own clandestine use"

Symantec: "...."


What "international body for regulating audits" would that be? I'm not aware of any such body...

Also, if Symantec won't trust their customers to that degree, why should a foreign government or their key industries trust Symantec software?

If a US audit firm audits US software, why should an international government trust that there isn't a US backdoor in there? Or perhaps that the US audits have uncovered issues but instead of patching them they handed them to the NSA for later use in their TAO teams... (wannacry anyone?)

Obviously Symantec are free to withdraw from a given market as they have here, but to suggest that trust is a one-way street seems, well, a bit unbalanced.

I do not personally believe that in today's world national security and software can be separated.

As an American, I certainly would not trust any non-American AV software.

I would assume that all AV made in another country is compromised by that country's government intelligence. That would be a safe assumption.

I would be safer using American AV as an American because, despite what the anti-gov propaganda wants us to believe, it's far harder for the NSA to spy on Americans than non-Americans.

Regardless, this entire thread (and your post) seems to treat nation-state actors as inherently innocent, which is so blindly naive that it's difficult to rationally respond to.

But this is the nature of cyberwar. Damaging, effective, widespread, and invisible and plausibly deniable.

Symantec giving source to Russia should be seen as a violation of American national security at this point, because it gives a hostile foreign government a blueprint to attack US networks.

You've picked me up entirely incorrectly if you think I'm of the opinion that nation state actors are innocent.

My point is that if the US treats foreign govs as dangerous, then those foreign govs should treat the US as equally dangerous, including US software.

Given US software companies' international sales volumes, that's a massive existential threat to the US economy.

If China/Europe/Russia etc. stop using US software products, then what will happen to the profits of Microsoft/Google/Apple et al....

My other point was the apparent one-way nature of trust that I felt you were implying: that foreign govs should trust US software whilst at the same time accepting that those software companies do not trust them...