SoylentNews is people
SoylentNews
Networking equipment is one of the last bastions of technology where opaque, proprietary, closed-source hardware continues to thrive. This opacity—combined with networking equipment functioning as the backbone of enterprise computing—creates a fertile breeding ground for fear, uncertainty, and doubt to proliferate. As a result of this, Huawei has spent nearly a decade embattled by accusations of spying for the Chinese government, and since May, a blacklisting.
[...] There's an aphorism named "Linus's Law" which states "Given enough eyeballs, all bugs are shallow." This plausibly applies to Huawei's circumstances: Publishing the full source code to Huawei products is a simplistic—and maximalist—way of dealing with security vulnerabilities and undercut accusations of spying that have plagued Huawei for years.
Opening Huawei products to third-party scrutiny would—at a minimum—surface situations where third-party open-source libraries are not being properly updated, if not allow security researchers the ability to identify vulnerabilities in Huawei-developed code. Such an initiative could also be used to create a shared build platform, making security updates easier to deploy across different device models.
(Score: 0) by Anonymous Coward on Friday August 09 2019, @12:47AM (1 child)
Then they blame the foundry, or the PCB maker, like the fiasco accusing Supermicro, not so long ago.
(Score: 2) by Rupert Pupnick on Friday August 09 2019, @01:49AM
That whole Supermicro thing could have been verified or debunked literally within hours simply by comparing suspect hardware with the original design databases. Impossible to sneak changes into production hardware without leaving a gigantic trail of corresponding documentation and database changes. Bloomberg’s credibility took a big hit on that one.