Congress passes bill forcing tech companies to disclose foreign software probes
The U.S. Congress is doing what it can to make sure foreign companies aren’t infiltrating government software programs.
President Trump will receive legislation that would force technology companies to disclose if they allowed countries like China and Russia to examine the inner workings of software sold to the U.S. military.
The legislation was drafted after a Reuters investigation last year found software makers allowed a Russian defense agency to hunt for vulnerabilities in software used by some agencies of the U.S. government.
That includes the Pentagon and intelligence services.
The final version of the bill was approved by the Senate in a 87-10 vote on Wednesday after passing the House last week.
The spending bill is expected to be signed into law by Trump, according to Reuters.
Security experts said allowing Russian authorities to probe the internal workings of software, known as source code, could help Moscow discover vulnerabilities they could exploit to more easily attack U.S. government systems.
The law would force U.S. and foreign technology companies to reveal to the Pentagon if they allowed cyber adversaries, like China or Russia, to probe software sold to the U.S. military.
Companies would be required to address any security risks posed by the foreign source code reviews or lose the contract.
A Pentagon spokeswoman declined to comment on the legislation. In order to sell in the Russian market, technology companies including Hewlett Packard Enterprise, SAP and McAfee have allowed a Russian defense agency to scour software source code for vulnerabilities, the Reuters investigation found last year.
In many cases, Reuters found that the software companies had not informed U.S. agencies that Russian authorities had been allowed to conduct the source code reviews.
Hewlett Packard Enterprise has said none of its current software has gone through the process. SAP did not respond to requests for comment on the legislation. HPE and McAfee spokespeople declined further comment.