Not sure about this...
Quite apart from the fact that Huawei kit is currently off the UK's Christmas present wish list, why are we doing their work for them in drawing the equipment's vulnerabilities to their attention? OK; if the NCSC says to Huawei there are n* vulnerabilities that we have found without providing any specifics then all well and good, but as things stand we seem to be risking handing information about our specialists' abilities to find those vulnerabilities to a foreign entity whose intentions are not always necessarily benign, or might not be in the future. Just seems a bit wrong to me...
* Where n is an integer!