More governments are asking for source code before accepting your software. Here are four steps you can take to mitigate your exposure.
Our world today runs mostly on software. At the heart of any software product is its source code: a sort of digital genome that defines its properties and how it functions. Source code is the key to nearly every technology solution and innovation. It is also intellectual property and the primary source of the product’s value.
New policies and procedures enacted by foreign governments in the last year force an alarming quid pro quo on technology vendors: “Permission to sell your software in our country depends on your willingness to let us inspect its source code.” These “inspections” are positioned as necessary by the importing country to ensure the software is secure and controllable.
This new trading condition poses a Faustian bargain to technology vendors, where the soul of an innovation is exchanged for a market opportunity. We can be certain the devil will have his due. Access to source code lets foreign governments plant back doors into those products. Later, those same actors can hack those products for nefarious purposes after they’re sold on the open market.
It is also an invitation to IP theft disguised as a security measure.
We don’t yet know how this is going to play out. We only know that we’re going to need the technology industry, policy makers, and trade representatives from all countries involved to come together and develop an international consensus on ways to address this problem.
In the meantime, vendors and users of technology and telecommunications solutions can take steps to reduce their risks when they trade source code access for market access:
- Double down on security protections.
Ensure security is embedded within the software product end-to-end; prioritize and deploy a layered security approach to help protect the endpoints, the network, and the data and applications. Users and vendors should work together to apply the latest software updates and security fixes as rapidly as possible. Network security controls, data encryption, identity and access management, and other partitioning measures can help minimize exposure of vulnerabilities to adversaries.
- Integrate new protective measures.
Technology vendors routinely customize their offers for foreign markets. That’s an opportunity to add capabilities that protect source code from exploitation. These might include: capabilities that help ensure the integrity of the software and updates; features to detect intrusion attempts into or through the platform; and locking down certain features that too easily introduce vulnerabilities.
- Create custom settings on cybersecurity detection and management software tools.
This can include threat monitoring and policy settings that can help detect and defeat intrusion attempts.
- Choose open source.
Vendors should use an open source model to develop products and platforms. It’s a “wisdom-of-the-crowd” approach to development that can help reduce exposure to vulnerabilities.