Threat Intelligence, Incident Response, Malware, TDR, Vulnerability Management

Embattled Huawei may open its code for testing in Australia

In an effort to separate itself from worries that Huawei poses a cyber espionage threat, executives of the Chinese network equipment company are proposing the implementation of a new Australian center where it would open up its code for testing.

Speaking to the National Press Club on Wednesday in Australia, Huawei Australia Chairman John Lord said the center -- to be funded by technology vendors -- would give Australian officials access to the company's software and hardware source code, according to a report in The Australian.

Lord said such a lab already exists in the U.K., according to reports.

Michael Coates, chairman of the Open Web Application Security Project (OWASP), a nonprofit focused on improving software security, told that he supports the idea, but it comes with concerns.

"Providing open access to the source code is certainly a step in the right direction for security and transparency," he said in an email. "A key step in this process is to also ensure there are methods to validate that the code running on the shipped devices is equivalent to the available open code. In addition it is important to realize that a point in time analysis is helpful, but any system will evolve with code changes and updates --- an open and transparent process must account for this natural evolution of code."

Lord's comments come in light of the Australian government's decision to remove Huawei as a supplier to its National Broadband Network, the nation's largest-ever infrastructure project. Similar concerns have arisen in Canada.

In the United States, a recently concluded 18-month White House probe determined that there is no evidence that Huawei was involved in spying on behalf of the Chinese government.

The findings go against a U.S. House Intelligence Committee report issued two weeks ago which recommended Huawei -- and fellow Chinese manufacturer ZTE -- not be permitted to sell telecom products here.

The White House review suggested that there are still legitimate risks presented by Huawei, such as vulnerabilities in its products that could be exploited by adversaries.

The spying allegations first surfaced in August 2010, when a group of eight Republican senators warned the Obama administration to be wary of Huawei winning a bid to sell equipment to American telecom giant Sprint Nextel.

They argued Huawei had supplied equipment to Saddam Hussein's regime in Iraq and Iran's Islamic Revolutionary Guard. They also said that because the company reportedly had ties with China's People's Liberation Army (PLA), the selection would "present a national security threat for technology leakage or enhanced espionage against the United States."

A Huawei spokesman did not respond to an inquiry for comment.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.