Networking equipment is one of the last bastions of technology where opaque, proprietary, closed-source hardware continues to thrive. This opacity—combined with networking equipment functioning as the backbone of enterprise computing—creates a fertile breeding ground for fear, uncertainty, and doubt to proliferate. As a result of this, Huawei has spent nearly a decade embattled by accusations of spying for the Chinese government, and since May, a blacklisting.
[...] There's an aphorism named "Linus's Law" which states "Given enough eyeballs, all bugs are shallow." This plausibly applies to Huawei's circumstances: Publishing the full source code to Huawei products is a simplistic—and maximalist—way of dealing with security vulnerabilities and undercut accusations of spying that have plagued Huawei for years.
Opening Huawei products to third-party scrutiny would—at a minimum—surface situations where third-party open-source libraries are not being properly updated, if not allow security researchers the ability to identify vulnerabilities in Huawei-developed code. Such an initiative could also be used to create a shared build platform, making security updates easier to deploy across different device models.
(Score: 1, Informative) by Anonymous Coward on Friday August 09 2019, @03:32AM (1 child)
There aren't enough eyeballs and even if there were good luck spotting the critical security bug from the infinite number of crap typed out by the infinite number of monkeys.
Basically you need enough competent eyeballs to spot security bugs.
"Normal level" bugs can be spotted by normal users but even those too often get WONTFIX/WORKSFORME.
Open Source software hasn't really been significantly more secure than closed source software. You can see security bugs in OSS that were present for many years without being spotted:
https://wccftech.com/linux-security-bug-unnoticed-for-9-years/ [wccftech.com]
(Score: 0) by Anonymous Coward on Friday August 09 2019, @08:50AM
Merely hack the hackers, follow through on popular implementations of the flaw, to find the bugs faster than 5 years.