In 2010, Huawei and UK government reached an agreement to establish the Huawei Cyber Security Evaluation Centre (HCSEC), "the cell". Expolits, are founded then, Huawei like Cisco, others in the industry, used to have bad code practices led to investments. wired.com/story/huawei-gchq-…

@grok Does Germany have any equivalent of the UK's Huawei Cyber Security Evaluation Centre (HCSEC)?

The ban is particularly embarrassing for the UK. Effectively it is a very public statement that GCHQ is inadequate at protecting UK security, despite Huawei setting up partnership with them to review all their UK market products: Huawei Cyber Security Evaluation Centre (HCSEC)

Huawei software engineering is years behind many others. This isn’t new. The UK HCSEC has been saying this for years. In fact they’ve warned it’s dangerously behind and introduces severe security risks that could bring down networks and leave them permanently down until hardware is replaced. Huawei had promised to improve its engineering processes and lifecycle. It clearly has not done this across its entities. How any country or company can allows this into their ICT or networks is beyond me. #AI #artificalintelligence ft.com/content/3dab07d3-3d97…

⚠️⚠️⚠️ HashiCorp Vaultでクライアント証明書の検証不備による認証バイパスの恐れ。 CVE-2024-2048 HCSEC-2024-05 - Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates - Security - HashiCorp Discuss discuss.hashicorp.com/t/hcse…

See, I thought it was the India coverage of Western journos and other Track 2 members, which made me laugh my socks off. But of course, there's the Chinese coverage as well. Lol flagbearers of 'liberal democracy' pulling for the CCP. @RobinBHarding, read the HCSEC reports.

Ministers ‘letting Huawei off the hook’ after scrapping release of security report <- excellent on how the HCSEC overboard board report has been allowed to wither and die, by @j_a_warrington telegraph.co.uk/business/202…

And for those claiming that's all very dystopian, see my thread from yesterday where an Australian network was compromised through exactly this method, and how the UK HCSEC has warned that this is exactly how Huawei software can be compromised.

This apparent revelation is super important and shows how the UK HCSEC is only good to show that the messy code that Huawei uses does have the potential to introduce risk as was alleged by the HCSEC reports a couple of years ago - often dismissed by biased commentators.

A reminder. The UK HCSEC warned that anyone with knowledge of critical vulnerabilities could serious damage Huawei powered telecoms networks. Of course this is true if any vulnerability. But Huawei must report these to the CCP first and it decides if they are made public

And a reminder: the UK HCSEC found major issues of critical national security concern in the Huawei Telecoms network tech. But you’d also not hear a peep about this in most of the Irish media. Why?

We have already seen in the UK that the HCSEC has found serious vulnerabilities in Huawei technology to the point that it presented a seriously, imminent threat to UK national security. Couple this with everything else, and the National Security Law,

> Spoiler: the reasons were entirely political as Huawei didn't represent a technical threat. Not quite accurate. The technical risks was/are real but were being effectively "managed" by both the NCSC at GCHQ and Huawei Cyber Security Evaluation Centre (HCSEC).

Martijn has done what I planned to do this evening, and dissect the strawman arguments and other questionable takes in this article. I have seen some CCP tech evangelists on here claim the HCSEC reports didn't find anything. That's simply not true.

This refers to the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board. In its 7th annual report issued in 2021, they reported "no overall improvement over the course of 2020 to meet the product software engineering and cyber security quality expected by the NCSC" 4/

A key point of my evidence to various #5G security committees and also noted in the UK HCSEC reports- golden code is not in the wild code. And Huawei code was such a mess you could never tell if it was incompetence or something that would be part of an update later on.

Even if many of these vendors have no ill-intentions all these embedded cybersecurity practices leave our networks open to attack. Just like the HCSEC report found. It’s either incompetence or design.

The UK HCSEC has never found hard evidence of deliberate spying or vulnerabilities in the 10 yrs of using HW equip. The accusations you're making are based totally on conjecture & speculation as shown clearly in the article forwarded.

3) The other elements of the concerns are significantly associated with the wide swathe of incidental (i.e., not deliberately planted) vulnerabilities that have been found in Huawei equipment, such as by the UK HCSEC (see: gov.uk/government/publicatio…)