The U.K. report reinforced previous concerns with respect to Huawei's approach to software development. Vulnerabilities that remain in place include "protected stack overflows in publicly accessible protocols, protocol robustness errors leading to denial of service, logic errors, cryptographic weaknesses, default credentials, and many other basic vulnerability types."
NCSC, which has been reviewing Huawei's equipment and processes to mitigate any perceived risks to critical infrastructure in the U.K. for almost nine years, concluded that the company has made no progress of late and "is not confident that Huawei is able to remediate the significant problems it faces." Moreover, the report concludes that "Huawei's software engineering and cybersecurity competence and associated processes are failing to improve sufficiently."
Get the news HERE