Hacker News new | past | comments | ask | show | jobs | submit login

For points 1 and 2 at least, the UK has the Huawei Cyber Security Evaluation Centre where GCHQ can inspect all Huawei hardware as well as the source code, although it is run by former Huawei employees (overseen by GCHQ) so its independence is questionable.



The staff are actively employed by Huawei, but all undergo UK security clearance to DV standard.


I believe the centre cannot satisfy itself that the code they inspect is the code that is built into the hardware.


Yes.

...it is not possible to be confident that the source code examined by HCSEC is precisely that used to build the binaries running in the UK networks.

-- https://assets.publishing.service.gov.uk/government/uploads/...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: