The German Federal Office for Information Security warns about the use of antivirus software from the Russian manufacturer Kaspersky. No surprising, since security is a matter of trust. Security software even more so.
In the course of the war in Ukraine, a closed-source provider like Kaspersky is hit at its weakest point. Because its customers must believe something that they want to know, and in critical areas of use even have to know: that the use of a software does not involve any risks that cannot be audited.
The vendor tried to meet this requirement without making its sources open source, through so-called transparency centers where source code may be viewed. For various reasons, this is no longer enough for customers.
The current cause is the war in Ukraine and ultimately the fact that it is a Russian company, but the reasons and causes lie deeper. Ultimately, not only Russian providers are affected by the fundamental problem. Software (and hardware), just like the data it processes, can only be trusted if the sources are open and the production process is transparent.
We already know the problem from other contexts – whether a construct is called “Transparency Center”, “Safe Harbour” or “Privacy Shield” – in the end these are marketing terms that cannot disguise the fact that they cannot provide the transparency and trust that we need for secure digital infrastructures. Only open source can do that.