by danpalmer 1558 days ago
> But like what is that conclusion based on?

It's based on a few assumptions, but ones I feel are reasonable to make. The fact these companies will have been audited in the same way, but that the concerns have not been raised (by government, industry, security consultants) suggests that these processes are very different.

Version control, code auditing, code review, reproducible builds, etc, those will all contribute to being able to protect against attackers.

You're right that there's a huge talent pool in China, and there is good engineering happening in China, but there are also cultural barriers to it in some places. The 9/9/6 working culture in Chinese tech companies optimises for throughput not quality, and the general impression I have from reading about internal engineering cultures at other Chinese tech companies aligns with the Huawei report.

I'm not speaking from a position of expertise, I am judging this and drawing my own conclusions, but I don't feel they are ill informed (nor do I think yours are). I'm confident in the facts I know, have evidence for my opinions, and have reason to believe my suspicions.

2 comments

"The fact these companies will have been audited in the same way .."

Have they? Are you sure? The Huawei audit was not a routine audit. According to Wired it was done by the special British "Huawei Cyber Security Evaluation Centre". I can't find any evidence the UK National Cyber Security Centre has done the same with Cisco or HP.

> am judging this and drawing my own conclusions, but I don't feel they are ill informed (nor do I think yours are)

The difference between us is that I definitely think MY conclusions are ill informed. Hope someone who knows what they're talking about can chime in.

It all sounds very reasonable until you remember that multiple backdoors and hardcoded hidden admin accounts have been found in Cisco products. I have yet to see any proof that Huawei are worse (or better) than Cisco. IMO absolutely nothing has been proven in terms of quality versus other manufacturers outside of political standpoints in all this. As far as I can tell this audit has not been done (or at least not published) to any other manufacturer than Huawei. It's 100% politics and zero evidence of quality when only one side gets tested and published.