HCSEC reported that the software build process used by Huawei results in inconsistencies between software images. In other words, products ship with software with widely varying fingerprints, so it’s impossible to determine whether the code is the same based on checksums.
While I'm very much an amateur when it comes to coding, this really strikes me as odd. How hard could it be to consistently provide the same build? Perhaps it's just really bad practice, but with all of the other controversies surrounding the company, this sure doesn't help things.
https://arstechnica.com/information-technology/2019/03/uk-cyber-security-officials-report-huaweis-security-practices-are-a-mess/ [arstechnica.com]
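
An added illustration, not part of the original comment and not taken from the HCSEC report: the Python sketch below shows how build-host metadata alone changes an image's SHA-256 even when every packaged file is byte-identical, and how pinning that metadata restores a stable checksum. The file names, contents, and the choice of member order, timestamp and owner as the varying inputs are assumptions made for the example; the comment does not say what causes the differences in Huawei's builds.

```python
import hashlib
import io
import tarfile

# Constructed sample "build outputs": the same bytes go into every image below.
FILES = {"bin/app": b"\x7fELF-constructed-sample", "etc/app.conf": b"mode=prod\n"}


def build_image(files, order, mtime, owner):
    """Pack files into an uncompressed tar the way a naive build script would:
    member order, mtime and owner are whatever the build host supplies."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in order:
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = mtime
            info.uname = info.gname = owner
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def build_reproducible(files, source_date_epoch=0):
    """Same packer with host-dependent inputs pinned: sorted member order,
    fixed timestamp, fixed owner."""
    return build_image(files, sorted(files), source_date_epoch, "root")


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def contents(image):
    """Extract {name: bytes} so two images can be compared by payload."""
    with tarfile.open(fileobj=io.BytesIO(image)) as tar:
        return {m.name: tar.extractfile(m).read() for m in tar.getmembers()}


if __name__ == "__main__":
    # Two builds of identical files on different (constructed) hosts and days.
    a = build_image(FILES, ["bin/app", "etc/app.conf"], 1551400000, "alice")
    b = build_image(FILES, ["etc/app.conf", "bin/app"], 1551486400, "bob")
    print("naive A       ", sha256(a))
    print("naive B       ", sha256(b))
    print("same payload? ", contents(a) == contents(b))
    print("reproducible 1", sha256(build_reproducible(FILES)))
    print("reproducible 2", sha256(build_reproducible(dict(reversed(FILES.items())))))
```

The two naive images carry the same payload but hash differently, so a checksum mismatch alone cannot tell a reviewer whether the code changed; the pinned builds hash identically regardless of the order the files were supplied in.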