by geokon
1558 days ago
"But would it be significantly harder to do, easier to detect, and easier to resolve? Yes, and that makes them better suited to critical infrastructure." But like what is that conclusion based on? I'm not saying you're wrong - just curious why you hold HP and Cisco in high esteem. At least in terms of engineering talent I'd expect them to be much worse. Huawei is prolly the Google of China paying huge salaries and getting the country's top engineers (along with Alibaba). When I lived in Santa Barbara Cisco didn't have a good rep and they didn't pay well. A typical bureaucratic Office Space-esque soul sucker. I don't know about HP but I don't get the sense it's a prestigious place to work either. Again, these are very shaky ill-informed judgments on my part I admit :) hence why I'm curious if you're talking from a position of knowledge on the subject.

It's based on a few assumptions, but ones I feel are reasonable to make. The fact these companies will have been audited in the same way, but that the concerns have not been raised (by government, industry, security consultants) suggests that these processes are very different.
Version control, code auditing, code review, reproducible builds, etc, those will all contribute to being able to protect against attackers.
You're right that there's a huge talent pool in China, and there is good engineering happening in China, but there are also cultural barriers to it in some places. The 9/9/6 working culture in Chinese tech companies optimises for throughput not quality, and the general impression I have from reading about internal engineering cultures at other Chinese tech companies aligns with the Huawei report.
I'm not speaking from a position of expertise, I am judging this and drawing my own conclusions, but I don't feel they are ill-informed (nor do I think yours are). I'm confident in the facts I know, have evidence for my opinions, and have reason to believe my suspicions.