This past week, as part of escalating sanctions between the West and Russia because of the war in Ukraine, the FCC added the security company Kaspersky (creator of the popular Kaspersky Anti-Virus software) to its “security threat list,” which means products from that company aren’t eligible for FCC funds. It’s important to note that this wasn’t due to a particular backdoor that was discovered in Kaspersky products. Instead, this was because of the threat that Kaspersky (a Russian company) could be coerced by the Russian government to add a backdoor. Because Kaspersky’s software is proprietary, it would be incredibly challenging to audit the software and all future updates for backdoors.
A Russian bank has issued a warning of its own, advising customers to avoid updating software, in response to actual malicious code a developer added to their Node.js library. In this case, the guidance wasn’t to avoid using the software, just to avoid updating that software and, if an update is necessary, to review the code carefully. This distinction is critical, and points to a fundamental freedom that free software provides (freedom 1, the freedom to study how the program works) that leads to another freedom: the freedom from coercion.