Any drive manufacturer is free to open source their firmware etc. and thereby extend the auditability of the system. That is something that I would welcome.
In the specific drives that were mentioned initially, this raises some interesting additional questions.
- Does the manufacturer allow the DoD (only) to review the source and verify that it is the source?
- Does that make the manufacturer better or worse?
- Are there two separate editions of the drive, the DoD edition and the pleb edition (where only the latter has the standard backdoors)?