Hacker News new | ask | show | jobs
by acqq 2552 days ago
> really basic things like updating OpenSSL libraries seem near impossible for Huawei.

> Huawei (...) took their designs and code, without fully understanding them.

Do you want to say that there aren't people in China smart enough to "update OpenSSL" in their codebase? Whichever way the codebase started to be used by the company?

A lot of companies and developers inherit the products created in some other times in some other companies and generally are able to update them.
2 comments
StudentStuff 2552 days ago
No, I'm not saying that at all. What I am saying is those managing Huawei do not care about updating OpenSSL or other dependencies. Its a corporate culture problem at Huawei IMO
link
gnopgnip 2552 days ago
Many companies have the same problems, not rewarding people who fix these type of security issues and look at security holistically, and instead the only path to success is to create new features
link
StudentStuff 2552 days ago
See Cisco's handling of their low-end routers as a great example: https://news.ycombinator.com/item?id=19507225

It is rotten corporate culture that is starving critical maintenance work at these companies, creating the internet of vulnerable shit.

link