Avast, a security and antivirus company based in Prague, says they refuse to share their source code, and that the U.S. government hasn’t even asked them. This is not necessarily the case for the rest of the industry. Over the summer we learned from a report at The Intercept that GCHQ and the NSA had a project to subvert security software so they could use vulnerabilities and exploits to their own advantage. Antivirus firms McAfee and Symantec were notably absent from the list of targets, and Symantec later confirmed over email that they “permitted source code review in controlled environments to meet government requirements.” In addition to raising questions about whether a security product can be trusted under such circumstances, it also causes political problems: “Giving assurances to one country, and receiving government certification, can harm a security company in another. China, a known cyber-adversary of the US, accused Symantec last year of including backdoors that could allow outside access — though it did not specifically say how — and banned the product from the country.”
