date 2008-08-19
from the many-eyes dept.
Networking equipment is one of the last bastions of technology where opaque, proprietary, closed-source hardware continues to thrive. This opacity—combined with networking equipment functioning as the backbone of enterprise computing—creates a fertile breeding ground for fear, uncertainty, and doubt to proliferate. As a result of this, Huawei has spent nearly a decade embattled by accusations of spying for the Chinese government, and since May, a blacklisting.
[...] There's an aphorism named "Linus's Law" which states "Given enough eyeballs, all bugs are shallow." This plausibly applies to Huawei's circumstances: Publishing the full source code to Huawei products is a simplistic—and maximalist—way of dealing with security vulnerabilities and undercutting accusations of spying that have plagued Huawei for years.
Opening Huawei products to third-party scrutiny would—at a minimum—surface situations where third-party open-source libraries are not being properly updated, if not allow security researchers the ability to identify vulnerabilities in Huawei-developed code. Such an initiative could also be used to create a shared build platform, making security updates easier to deploy across different device models.
(Score: 0) by Anonymous Coward on Thursday August 08, @10:10PM (2 children)
So share your source code, commies.
(Score: 0) by Anonymous Coward on Thursday August 08, @10:18PM (1 child)
China isn't communist, they're free market capitalists.
(Score: 2) by MostCynical on Thursday August 08, @11:02PM
One Party Surveillance State.
(Score: 2, Funny) by Anonymous Coward on Thursday August 08, @10:17PM
That "but they Should" is a disgusting practice and needs to stop.
(Score: 0) by Anonymous Coward on Thursday August 08, @10:25PM (1 child)
The article makes no response to the claims that even if the firmware was completely open sourced that Huawei would then just be accused of implementing hardware-based spying. So if the company can still be accused what does it get them to go open source? Not respect, see two sentences ago. Can one prove that if they went open source they'd start earning more money? So why should they do it for any other reason than altruism?
(Score: 2) by MostCynical on Thursday August 08, @11:12PM
Like Cisco?
(Score: 2, Interesting) by hopdevil on Thursday August 08, @10:39PM
Open source is a double-edged sword when it comes to security. You hope more people honorably look at your source code and report vulnerabilities than those that will exploit them. In truth this model needs more of an active community of developers than security folks. I don't think that is Huawei's business model.
Besides, binaries are easy enough to reverse engineer. When you have hardware based hidey holes, it is unlikely anyone but a government sized budget will find you.
(Score: 2) by c0lo on Thursday August 08, @10:55PM (1 child)
If not, why not?
(Score: 0) by Anonymous Coward on Thursday August 08, @11:08PM
Cisco isn't run by Chinamen, so they can be trusted.
(Score: 2) by Hartree on Thursday August 08, @11:06PM
What? You'd expect Facebook to open source its code to alleviate privacy concerns?
Like Facebook working diligently to improve your privacy, Huawei is working diligently to remove extensions to their code that the Chinese government didn't ask them to add. Open source is not needed and counterproductive for their efforts to do that.