ERNW, an IT security service provider in Germany, conducted a technical review of the source code for Huawei’s unified distributed gateway (UDG) on 5G core networks and gave a positive feedback.
ERNW auditors reviewed the source code by using leading tools and methods as well as the industry’s best practices, and released a review report.
The Donald Trump administration believes that Huawei, the # telecom equipment maker, is posing security challenges to mobile operators due to its connection with China government. Huawei denied this.
The report showed that the source code quality is a good indicator that China-based Huawei has established a mature and appropriate software engineering process for UDG. This is a convincing proof that Huawei 5G core networks are secure and reliable, Huawei said in a statement.
The UDG is a converged network element that can process both 5G and traditional network services. On a 5G core network, it can function as a user plane function (UPF). On a traditional network, it can function as a serving gateway for the user plane and a packet data network gateway for the user plane.
ERNW reviewed the source code for UDG components in the Huawei Cyber Security Transparency Center in Brussels, Belgium. The review covered source code quality, build processes, and open-source component lifecycle management.
The source code quality review showed that the complexity of the source code is below their threshold, duplicate code is rarely present only where appropriate, and unsafe functions seemed to be avoided wherever possible.
The build process review indicated that all binaries are compiled with secure compilation options and are also built with an acceptable level of binary equivalence. The review of the lifecycle management of open-source components showed that the separation of open-source code, code handling, as well as documentation and patch management are all reasonable and meet modern standards.
Huawei said it will be investing in cyber security R&D and innovation to enhance cyber security capabilities. Huawei will also strengthen its collaboration with carriers, industry partners, and governments to be more transparent and open, aiming to build a trustworthy cyber security environment for 5G.