A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Huawei gear - can the threat be avoided by software escrow?



 
 
Thread Tools Display Modes
  #11  
Old April 3rd 19, 07:59 AM posted to uk.telecom.broadband
Chris
external usenet poster
 
Posts: 568
Default Huawei gear - can the threat be avoided by software escrow?

tim... wrote:


"Chris" wrote in message
...
tim... wrote:


"Peter" wrote in message
...
Why is it not possible to get the source code to a trusted party which
can look at it and check for deliberate back doors,

because it's tens of million of line of code.


That sounds a lot. Do you know that or is it a guess?


I know that it's the size of the competitors code


Fair enough. Then it's unfeasible to check properly, as you say.

  #12  
Old May 6th 19, 10:39 PM posted to uk.telecom.broadband
MB[_2_]
external usenet poster
 
Posts: 225
Default Huawei gear - can the threat be avoided by software escrow?

On 02/04/2019 07:59, Peter wrote:
Why is it not possible to get the source code to a trusted party which
can look at it and check for deliberate back doors, and then have a
system where you can verify that the executable in the box is byte for
byte same as what the escrow version compiles to?

It would be slightly aggressive to do this, but China is not exactly
your friend...

Obviously if - as GCHQ suggests - the problem with Huawei is really
crap software with back doors everywhere, then you can't do much about
it. The Chinese never could write decent software, and formal QA is
off the horizon for them.




When a supposedly friendly country was doing exactly the same as it is
presumed Huawei would do, in the USA some years ago, all their equipment
was removed (and banned I think)
  #13  
Old May 7th 19, 11:08 AM posted to uk.telecom.broadband
R. Mark Clayton[_2_]
external usenet poster
 
Posts: 584
Default Huawei gear - can the threat be avoided by software escrow?

On Tuesday, 2 April 2019 08:33:05 UTC+1, Bob Henson wrote:
Peter wrote:

Why is it not possible to get the source code to a trusted party which
can look at it and check for deliberate back doors, and then have a
system where you can verify that the executable in the box is byte for
byte same as what the escrow version compiles to?

It would be slightly aggressive to do this, but China is not exactly
your friend...

Obviously if - as GCHQ suggests - the problem with Huawei is really
crap software with back doors everywhere, then you can't do much about
it. The Chinese never could write decent software, and formal QA is
off the horizon for them.


It's a nice idea - I wonder what really does happen. Presumably GCHQ and
the rest of the security services do quite a lot of checking - at least in
security sensitive areas. I'd love to know if they give the authors the
benefit of the doubt and report the errors to them, or if we do the same as
the Chinese and most of the rest of the world would do - which is is to
nick the code, make it safe for us and use it and/or insert our own
backdoors and release it back into the wild.

--
Bob
Tetbury, Gloucestershire, England


Software escrow is fine, but not really suitable for network nodes.

I evaluated a small US made node for a French telecoms outfit many moons ago.

There were scores of bugs, but the most serious was a memory leak which gradually reduced the performance of the node before finally rendering it incommunicado and requiring an engineer visit to reset it.

In net hardware is particularly vulnerable to viruses and common mode software faults and whilst escrow of the code would reduce the risk of a major outage it would be far from eliminating it.

 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SMS gateway software, SMS gateway, SMS software, SMS server, SMPP software, WAP Push John uk.telecom.voip (UK VOIP) 0 August 29th 07 06:14 AM
The wi fi/cellular/emf threat Lenny uk.telecom.broadband (UK broadband) 1 July 21st 07 07:21 PM
plus net threat letter Beck uk.telecom.broadband (UK broadband) 36 February 1st 06 04:23 PM
AOL can ICS with USRobotics Gear? Siggy Rhetts uk.telecom.broadband (UK broadband) 1 February 5th 04 10:02 PM
Net gear 814 & new 834 Merlin uk.telecom.broadband (UK broadband) 9 September 24th 03 09:12 PM


All times are GMT +1. The time now is 04:39 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.