SAN FRANCISCO (Reuters) - International Business Machines Corp said on Friday it allows certain countries to review, under strict control, portions of the U.S. technology company’s product source code to detect any security flaws in its software.
China is among those countries, a person familiar with the company’s policy there said. The reviews must be done using an IBM security application and the company “does not let people take the code out of the room,” the source said on condition of anonymity due to the sensitivity of the matter.
Without mentioning China, IBM said in a statement that “strict procedures are in place within these technology demonstration centers to ensure that no software source code is released, copied or altered in any way.”
“IBM does not provide government access to client data or back doors into our technology,” the company added.
The Wall Street Journal, citing two people briefed on the practice, reported earlier Friday that IBM was allowing officials from China’s Ministry of Industry and Information Technology to examine code.
The China ministry could not immediately be reached for comment.
The reviews would make IBM the first major U.S. tech company to comply with Beijing’s recent demands for a stronger hand in foreign technology there, the Journal said.
The report did not make clear which products IBM was allowing reviews of or how long officials can spend looking at the code, and IBM did not address those issues.
China has considered its reliance on foreign technology a national security weakness, especially after former National Security Agency contractor Edward Snowden’s revelations that U.S. spy agencies planted code in U.S.-made software to snoop on overseas targets.
Cybersecurity has been a major source of friction in U.S.-China ties, with both sides accusing the other of abuses.
IBM has been more willing to strike closer partnerships with China’s government than many other U.S. tech companies, the Journal report said.
IBM said in Friday’s statement that programs to review product source code are not unique to the company, citing Microsoft Corp as an example. Microsoft signed an agreement in 2003 allowing China controlled access to Windows source code, and has struck similar deals with Russia and the United Kingdom.
IBM said on Wednesday it would offer its cloud-computing platform Bluemix in China through a collaboration with Chinese data-center services company 21Vianet Group Inc.
Reporting by Devika Krishna Kumar in Bengaluru; Editing by Savio D'Souza, Stephen R. Trousdale and Richard Chang