
I know I am probably too forgiving (and generous and honest https://www.pinterest.co.uk/pin/439593613603376622/) but dumb companies have left backdoors in everything from heart monitors to factory equipment.

I understood that the Huawei threat is not "dumb shit" but "clever shit we don't notice until the cyber portion of the combined arms full scale attack is launched".

If we cannot trust one hardware company we cannot trust any of them. Open source hardware seems like the Nash Equilibrium for this problem - everyone finds a way to make sure everyone can verify the hardware in their network...




It is both of those things.

And why wouldn’t it be? Huawei is a large organization and, like all large organizations, will consist of a multitude of different groups all trying to achieve the same goal in different ways. Some will want to rob the bank by tunnelling quietly into the vault at night, some will want to walk through the front door with a sawn-off shotgun.


Fair enough - see my edit above. The only protection against dumb or clever shit is some means to verify SoCs are what they claim to be (yes, very hard, but a future with open source SoCs, and supply chains where you can inspect enough to be confident - that future can be glimpsed from here and it's a future where everyone wins).


> The only protection against dumb or clever shit is some means to verify SoCs are what they claim to be

That's only protection from clever shit. Dumb shit will have security vulnerabilities due to being made by programmers who don't care, pushed to do it faster by managers who don't care.


I disagree; have you not seen the obfuscated C contest? Any smart malicious actor will do what they want, given minor access.



