IBM letting governments review its source code

IBM has admitted it allows certain countries to review, under strict control, portions of its product source code to detect any security flaws in its software.

China is among those countries, a person familiar with the company's policy said.

The reviews must be done using an IBM security application and the company "does not let people take the code out of the room," the source said on condition of anonymity due to the sensitivity of the matter.

Without mentioning China, IBM said that "strict procedures are in place within these technology demonstration centres to ensure that no software source code is released, copied or altered in any way".

"IBM does not provide government access to client data or back doors into our technology," the company said.

The Wall Street Journal reported on Friday that IBM was allowing officials from China's Ministry of Industry and Information Technology to examine code.

The China ministry could not immediately be reached for comment.

The WSJ report did not make clear which products IBM was allowing reviews of or how long officials can spend looking at the code, and IBM did not address those issues.

IBM said programs to review product source code were not unique to the company, citing Microsoft as an example.

Microsoft signed an agreement in 2003 allowing China-controlled access to Windows source code, and has struck similar deals with Russia and the United Kingdom.

Beijing recently made demands for a stronger hand in foreign technology.

China has considered its reliance on foreign technology a national security weakness, especially after former National Security Agency contractor Edward Snowden's revelations that US spy agencies planted code in US-made software to snoop on overseas targets.

Cybersecurity has been a major source of friction in US-China ties, with both sides accusing the other of abuses.