SoylentNews is people

posted by Fnord666 on Thursday August 08 2019, @10:01PM
from the many-eyes dept.

Networking equipment is one of the last bastions of technology where opaque, proprietary, closed-source hardware continues to thrive. This opacity—combined with networking equipment functioning as the backbone of enterprise computing—creates a fertile breeding ground for fear, uncertainty, and doubt to proliferate. As a result of this, Huawei has spent nearly a decade embattled by accusations of spying for the Chinese government, and since May, a blacklisting.

[...] There's an aphorism named "Linus's Law" which states "Given enough eyeballs, all bugs are shallow." This plausibly applies to Huawei's circumstances: Publishing the full source code to Huawei products is a simplistic—and maximalist—way of dealing with security vulnerabilities and undercutting accusations of spying that have plagued Huawei for years.

Opening Huawei products to third-party scrutiny would—at a minimum—surface situations where third-party open-source libraries are not being properly updated, if not allow security researchers the ability to identify vulnerabilities in Huawei-developed code. Such an initiative could also be used to create a shared build platform, making security updates easier to deploy across different device models.

https://www.techrepublic.com/article/huawei-doesnt-see-open-source-as-the-fix-for-spying-accusations-but-they-should/


  • (Score: 2, Touché) by Anonymous Coward on Thursday August 08 2019, @10:25PM (6 children)

    by Anonymous Coward on Thursday August 08 2019, @10:25PM (#877653)

    The point is, ladies and gentlemen, that greed, for lack of a better word, is good. Greed is right, greed works. Greed clarifies, cuts through and captures the essence of the evolutionary spirit. Greed in all of its forms.

    The article makes no response to the claims that even if the firmware was completely open sourced that Huawei would then just be accused of implementing hardware-based spying. So if the company can still be accused what does it get them to go open source? Not respect, see two sentences ago. Can one prove that if they went open source they'd start earning more money? So why should they do it for any other reason than altruism?

  • (Score: 2) by MostCynical on Thursday August 08 2019, @11:12PM

    by MostCynical (2589) on Thursday August 08 2019, @11:12PM (#877673) Journal

    Like Cisco?

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 5, Interesting) by driverless on Friday August 09 2019, @12:29AM

    by driverless (4770) on Friday August 09 2019, @12:29AM (#877691)

    "Given enough eyeballs, all bugs are shallow."

    That's Linus' Fallacy, not Linus' Law. It only works if the eyes are motivated to look, which only really occurs if there's a noticeable bug and it affects you directly. There have been glaring security holes in major packages for ten years or more that were only noticed by accident.

    In the particular case of Huawei, GCHQ in the UK has the HCSEC (Huawei Cyber Security Evaluation Centre) created specifically to go over Huawei's code in the most paranoid manner possible. These guys are experts, paid to look at the code and given expensive tools to help them in their work. Posting it to GitHub where a few random geeks might glance at it for an hour or two until other work calls isn't going to add anything to that.

  • (Score: 3, Funny) by driverless on Friday August 09 2019, @12:32AM (2 children)

    by driverless (4770) on Friday August 09 2019, @12:32AM (#877692)

    The article makes no response to the claims that even if the firmware was completely open sourced that Huawei would then just be accused of implementing hardware-based spying.

    And if they open-sourced the hardware they'd be accused of manipulating the laws of physics to backdoor them. Those dastardly Chinamen, no matter how hard you look they're always a step ahead of you. The fact that we haven't found any smoking-gun backdoor yet (apart from the usual lax security that pretty much every vendor has issues with) just goes to show how clever they are.

    • (Score: 2) by c0lo on Friday August 09 2019, @01:09AM (1 child)

      by c0lo (156) Subscriber Badge on Friday August 09 2019, @01:09AM (#877707) Journal

      The fact that we haven't found any smoking-gun backdoor yet (apart from the usual lax security that pretty much every vendor has issues with) just goes to show how clever they are.

      If one is afraid of the clever, what does that make the one?

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 0) by Anonymous Coward on Saturday August 10 2019, @03:31AM

        by Anonymous Coward on Saturday August 10 2019, @03:31AM (#878099)

        Copper top?

  • (Score: 0) by Anonymous Coward on Friday August 09 2019, @12:23PM

    by Anonymous Coward on Friday August 09 2019, @12:23PM (#877861)

    Huawei is accused by the US gov because they are successful, taking market share away from US companies that own the US gov. Opening up source code won't change that, it will just be different accusations.
    Let's all be clear on this, the US gov is the only entity on the planet accusing Huawei. I do not know of any evidence, not even of 'bad' evidence, haven't heard anyone discuss or point to evidence. It's just accusations.

    All US allies are continuing to use Huawei, these allies include the 5-eye partners that are probably aware/briefed/... if something real would be going on.