Where have we gotten? Seriously. Bravo HP Enterprise. Darwin Award of the century goes to you, hands down.
"Last year, Hewlett Packard Enterprise (HPE) allowed a Russian defense agency to analyze the source code of a cybersecurity software used by the Pentagon, Reuters reports. The software, a product called ArcSight, is an important piece of cyber defense for the Army, Air Force and Navy and works by alerting users to suspicious activity -- such as a high number of failed login attempts -- that might be a sign of an ongoing cyber attack. The review of the software was done by a company called Echelon for Russia's Federal Service for Technical and Export Control as HPE was seeking to sell the software in the country. While such reviews are common for outside companies looking to market these types of products in Russia, this one could have helped Russian officials find weaknesses in the software that could aid in attacks on US military cyber networks." - Engadget
But, no worries...
"HPE told Reuters that reviews are done at an HPE facility under the supervision of HPE staff and that no vulnerabilities were found during this particular review." - Engadget
While it's true this wouldn't allow the GRU to log on to the Pentagon computers, it could make an ongoing attack harder to spot.
This is priceless:
"A Pentagon Defense Information Systems Agency spokesperson told Reuters that HPE didn't let the Pentagon know about the review but that it also wasn't required to. The ArcSight review may not have unearthed any backdoors or resulted in any additional cyber infiltrations, but at the very least it seems that, when it comes to the US military, using popular off-the-shelf security software might be a vulnerability in itself." - Engadget
Again...why does this strike me as absolute idiocy?