
Huawei savaged by Brit code review board over pisspoor dev practices - mcguire
https://www.theregister.co.uk/2019/03/28/hcsec_huawei_oversight_board_savaging_annual_report/
======
mcguire
"_In the first version of the software, there were 70 full copies of 4
different OpenSSL versions, ranging from 0.9.8 to 1.0.2k (including one from a
vendor SDK) with partial copies of 14 versions, ranging from 0.9.7d to 1.0.2k,
those partial copies numbering 304. Fragments of 10 versions, ranging from
0.9.6 to 1.0.2k, were also found across the codebase, with these normally
being small sets of files that had been copied to import some particular
functionality._"

------
sky_nox
"We have no real (at least not this in depth) assurance that products from
rival vendors are more secure"

It should be a requirement to similarly audit every supplier. Cisco has a
history of backdoors and serious bugs.

