Huawei 5G source code declared secure and reliable
[Brussels, Belgium, May 13, 2020] ERNW, an independent IT security service provider in Germany, recently conducted a technical review of the source code for Huawei’s unified distributed gateway (UDG) on 5G core networks.
ERNW is an independent IT security service provider in Heidelberg, Germany. Since its founding in 2001, it has focused on independent consulting and assessment services in all areas of IT security.
ERNW senior auditors reviewed the Huawei 5G source code using leading tools and methods as well as the industry’s best practices, and released a review report. The report showed that the source code quality is a good indicator that Huawei has established a mature and appropriate software engineering process for UDG. This is convincing proof that Huawei 5G core networks are secure and reliable.
The UDG is a converged network element that can process both 5G and traditional network services. On a 5G core network, it can function as a user plane function (UPF). On a traditional network, it can function as a serving gateway for the user plane and a packet data network gateway for the user plane.
ERNW reviewed the source code for UDG components in the Huawei Cyber Security Transparency Center in Brussels, Belgium. The review covered source code quality, build processes, and open-source component lifecycle management.
The source code quality review showed that the complexity of the source code is below the reviewers’ threshold, duplicate code is rare and present only where appropriate, and unsafe functions seemed to be avoided wherever possible.
The build process review indicated that all binaries are compiled with secure compilation options and are also built with an acceptable level of binary equivalence. The review of the lifecycle management of open-source components showed that the separation of open-source code, code handling, and documentation and patch management are all reasonable and meet modern standards.
Considering all the results of the technical review, the source code quality is a good indicator that Huawei has established a mature and appropriate software engineering process.
Socio-economic development has become more dependent on 5G, and the world has taken note, believing that threats and potential impacts are increasing and that global supply chains need to be kept under control to reduce their risks.
To keep up with the rapid change of technology, Huawei is actively exploring its security capabilities and will be more open, frank, and transparent when collaborating with customers, industry partners, and government agencies. This shift is best seen in its collaboration with ERNW throughout this review.