Reuters recently reported that the application had been scrutinised by the Russian government and it is not clear if Micro Focus considered Russia as being on its dodgy customer list.
But a company spokeswoman said future reviews would require approval from Micro Focus’s chief executive.
Writing in his Micro Focus bog ArcSight, head Jason Schmitt defended the reviews of core software operating instructions, known as source code, as common and said “that dozens of brand-name products have undergone the same type of certification testing.
“Micro Focus will not allow any source code reviews if we reasonably believe the governments of high risk countries will have access to that review”, the Micro Focus spokeswoman said in an email to Reuters.
Micro Focus purchased the ArcSight product line from Hewlett Packard Enterprise in a sale completed last month. Reuters reported last week that HPE allowed a Moscow defence agency to review the inner workings of ArcSight, cyber defence software used by the Pentagon to guard its computer networks.
Cyber security experts, former US intelligence officials and former ArcSight employees said the practice could help Moscow discover weaknesses in the software, potentially helping attackers to blind the US military to a cyber attack.
Russia has been asking for more source code reviews as a requirement for doing business in the country and most companies have complied.
The same applies to the US government, and it is not clear if the US is on Micro Focus’ list of dodgy customers either. Micro Focus also said it would notify the US government and seek feedback before allowing source code reviews “where applicable” so we guess not.