ERNW, an independent IT security service provider in Germany, recently conducted a technical review of the source code for Huawei’s unified distributed gateway (UDG) on 5G core networks. ERNW senior auditors reviewed the source code by using leading tools and methods as well as the industry’s best practices and released a review report. The report showed that the source code quality is a good indicator that Huawei has established a mature and appropriate software engineering process for UDG. This is convincing proof that Huawei 5G core networks are secure and reliable.
ERNW reviewed the source code for UDG components in the Huawei Cyber Security Transparency Center in Brussels, Belgium. The review covered source code quality, build processes, and open-source component lifecycle management. The source code quality review showed that the complexity of the source code is below their threshold, duplicate code is rarely present only where appropriate, and unsafe functions seemed to be avoided wherever possible. The build process review indicated that all binaries are compiled with secure compilation options and are also built with an acceptable level of binary equivalence. The review of the lifecycle management of open-source components showed that the separation of open-source code, code handling, as well as documentation and patch management are all reasonable and meet modern standards. Considering all the results of the technical review, the source code quality is a good indicator that Huawei has established a mature and appropriate software engineering process.
Socio-economic development has become more dependent on 5G, and the world has taken note, believing that threats and potential impacts are increasing and that global supply chains need to be kept under control to reduce their risks. To keep up with the rapid change of technology, Huawei is actively exploring its security capabilities and will be more open, frank, and transparent when collaborating with customers, industry partners, and government agencies. This shift is best seen in its collaboration with ERNW throughout this review.
ERNW is an independent IT security service provider in Heidelberg, Germany. Since its founding in 2001, the focus is on vendor-independent consulting and assessment services in all areas of IT security. By supplying those services to its customers ERNW strives to “Make the World a Safer Place”.