Because it is! But what else would you expect from our high paid "intelligence" officers? rotflmao

Money talks and people's safety means not a damn thing. Anywhere else charges of treason would be immediate. 

Hmmm, it reminds me of the slight variation on Murphy's Law:  If anything can go wrong it will... because idiots are running the show.  Yup, if you want something messed up, give it to a politician, a high ranking public servant or a high ranking officer in the military.... cos if anybody knows how to disappoint, it's that bunch.

Pentagon contractor lets FSB examine its cyber defenses.

IRS hires Equifax to secure taxpayer data.

Yeah, we're pretty much done.  Swamp wins.

Entirely normal and believable. Govt contractors typically sell to other countries too. Sometimes there are restrictions on what features they are permitted to offer (particularly in weapons software), sometimes not. This is not unique to HP.

The DOD can of course require the same sort of reviews, or prohibit sale to other countries in any contracts it makes, though that will obviously have an impact on the cost, and there is only so much that can be restricted on software that isn't custom-made.

So what you're saying is that gov't contractors could sell to north Korea, Iran and other rogue nations [if they can get away with it]?

Seems to me, the US needs to tighten up its rules and regulations so there are no ifs and buts regarding what gov't contractors can and can't do... once the current idiots are replaced by decision makers who would put in place and oversee better practices.

Entirely normal that enemies see source code for security software. I don't think so.

For allies - that would be another matter. Sorry, but normalizing that kind of thing for the almighty buck is prima facia ridiculous.

Think about it: Effective security software for sale to enemies because who would want the enemy hacked, and who wouldn't want our materials and methods to be rendered ineffective?

If there is no law, sanction, or export control governing the sale? Yes. The US government has been involved with this product for more than a decade; if they wanted to restrict its sale, they'd have done so by now.

This is not military-grade or custom software. It is off-the-shelf big-data reporting software used by a number of financial and medical institutions. It's marketed as security software, and the media is interested in ginning up outrage over that point, but in the end it's just a reporting tool; it only helps with understanding data that is already collected by other systems.

The DOD made the choice to use off-the shelf software, rather than develop internally or contract custom work. The DOD is well within its rights to demand the same sort of reviews and reject any products it finds insecure, though buying off-the-shelf software does mean there is less governance over who the same software can be sold to in the same manner.

Source code reviews are very common for major off-the-shelf products sold to governments. Microsoft even has policies for that specific purpose--just about any customer big or valuable enough can review the Windows source code, and we know that many of them (such as China) has.

Given what this software actually does, I don't agree that it applies in this case, but you are under the misconception that 'normal and believable' and 'stupid and short-sighted' are mutually exclusive when dealing with governments and large companies.

Under no such illogic.

Just know Murphy's Law and HP greed...at all our cost. After all, why would it matter at all if the Pentagon IT (now there's a misnomer) doesn't detect an attack quickly, right?

But oh yeah...bring on deregulation, because corporations have a conscience. lol.

An oxymoron if there ever was one.