Proposed legislation before the United States Senate would force US tech companies to divulge whether they permit nations including China and Russia to examine the source code of software they sell to the US military, a report has said.
According to Reuters[1], the Bill was approved 25-2 on Thursday by the Senate Armed Services Committee, with the new source code disclosure rules making up part of the National Defense Authorization Act.
Being able to search the source code and find vulnerabilities could make it easier for nations that are a "cybersecurity threat" to attack US systems, according to Reuters.
The Bill still needs to pass the full Senate and be reconciled with the House of Representatives version of that legislation before being signed by US President Donald Trump, Reuters added.
Under the Bill, tech companies may have to limit the use of the software to non-classified areas of government if its source code has been reviewed by a foreign nation, the report said. Details of such reviews and the steps taken by the tech company would then be "stored in a database accessible to military officials".
The publication pointed out that the Bill's drafting followed Reuters' discovery that software makers including McAfee[2] and HPE were permitting a Russian-based defence agency to search for vulnerabilities in the source code of software already being used by the Pentagon and the Federal Bureau of Investigation (FBI), among other intelligence agencies.
The US government has been cracking down on tech and software from Russia and China, with the Department of Homeland Security (DHS) last year ordering federal agencies to stop using Kaspersky security