All security software should be open source, available for scrutiny to anyone

McAfee has announced it will no longer permit foreign governments to scrutinize the source code of its products, halting a practice some security experts have warned could be leveraged by nation-states to carry out cyber attacks.

Cesare Garlati, chief security strategist at the prpl Foundation, said: "Whether any software vendors allow governments review of their source code is a false problem, a distraction from the real issue at stake. In a world of one trillion connected devices all security software should be open source, available for scrutiny to anyone.

"There is consensus in the security community that the so called "security through obscurity" never worked - just look at Windows Microsoft or Adobe Flash if you need proof. Intellectual property protection is a legitimate concern. It should be addressed from a legal perspective through appropriate licensing schemes - in the end open source software doesn't mean free software.

"To claim that closed source software is required to protect IP it is just an excuse to avoid scrutiny. Close source software does not make any software more secure. In fact is the exact opposite. All recent high-profile incidents involve reverse engineering of closed source software, identification of vulnerabilities and their systematic exploit."