HCSEC is auditing Huawei code
By all accounts this code has quality problems, but is the equivalent code from Cisco, Ericsson, Nokia, Intel, Qualcomm, etc, any better ? I suspect not.
Why does Huawei not just open source its code (eg upload to Github) and make it easy for users to install their own version ? They can make their money selling hardware & support. This would mean that:
* it would be hard for others to claim hidden back doors
* many programmers could work on & improve the code
Yes: that would still leave the possibility of deliberate hardware bugs - but that is harder to do & so harder to be accused of.
I do appreciate that doing this is harder than just uploading the code, but it would be doable.