Re: Better
Problems have been pointed out for nigh on 10 years now, in perfectly polite and non-politicised fashion. I think NCSC (as they’re now called) have just got fed up with the lack of progress.
It’s a little bit (and I do mean a little) like MS. Remember not so long ago MS secure coding was an utter car crash? Then they went out of their way to significantly improve security. We got Vista and everything after which (security-wise) is leaps and bounds ahead of XP et al.
Huawei have yet to make that decision. I honestly think they want to produce more secure gear. They’ve thrown enough money at the problem! The issue appears to be a breakdown somewhere between the top and the coal face (I.e. the programmers). I have no idea why, but the message isn’t getting through/being enforced.
I can only guess it’s a time scale thing. The priority is new code. Until that changes, rewriting millions upon millions of lines of code ain’t gonna happen, which means the same old shit popping up time and again.
I don’t think Huawei know how to write properly secure code to be honest, and I don’t think they truly prioritise it. I want to be fit and strong. But do I actively go to the gym?... Same issue with H. It’s one thing to want something, it’s another to put yourself out and do something about it.