Networking equipment is one of the last bastions of technology where opaque, proprietary, closed-source hardware continues to thrive. This opacity—combined with networking equipment functioning as the backbone of enterprise computing—creates a fertile breeding ground for fear, uncertainty, and doubt to proliferate. As a result of this, Huawei has spent nearly a decade embattled by accusations of spying for the Chinese government, and since May, a blacklisting.
[...] There's an aphorism named "Linus's Law" which states "Given enough eyeballs, all bugs are shallow." This plausibly applies to Huawei's circumstances: Publishing the full source code to Huawei products is a simplistic—and maximalist—way of dealing with security vulnerabilities and undercut accusations of spying that have plagued Huawei for years.
Opening Huawei products to third-party scrutiny would—at a minimum—surface situations where third-party open-source libraries are not being properly updated, if not allow security researchers the ability to identify vulnerabilities in Huawei-developed code. Such an initiative could also be used to create a shared build platform, making security updates easier to deploy across different device models.
(Score: 5, Interesting) by driverless on Friday August 09 2019, @12:29AM
That's Linus' Fallacy, not Linus' Law. It only works if the eyes are motivated to look, which only really occurs if there's a noticeable bug and it affects you directly. There have been glaring security holes in major packages for ten years or more that were only noticed by accident.
In the particular case of Huawei, GCHQ in the UK has the HCSEC (Huawei Cyber Security Evaluation Centre) created specifically to go over Huawei's code in the most paranoid manner possible. These guys are experts, paid to look at the code and given expensive tools to help them in their work. Posting it to Github where a few random geeks might glance at it for an hour or two until other work calls isn't going to add anything to that.