ERNW, an independent IT security service provider in Germany, recently conducted a technical review of the source code for Huawei’s unified distributed gateway (UDG) on 5G core networks. ERNW senior auditors reviewed the source code by using leading tools and methods as well as the industry’s best practices, and released a review report. The report showed that the source code quality is a good indicator that Huawei has established a mature and appropriate software engineering process for UDG. This is a convincing proof that Huawei 5G core networks are secure and reliable.
The UDG is a converged network element that can process both 5G and traditional network services. On a 5G core network, it can function as a user plane function (UPF). On a traditional network, it can function as a serving gateway for the user plane and a packet data network gateway for the user plane. ERNW reviewed the source code for UDG components in the Huawei Cyber Security Transparency Center in Brussels, Belgium. The review covered source code quality, build processes, and open-source component lifecycle management. The source code quality review showed that the complexity of the source code is below their threshold, duplicate code is rarely present only where appropriate, and unsafe functions seemed to be avoided wherever possible. The build process review indicated that all binaries are compiled with secure compilation options and are also built with an acceptable level of binary equivalence. The review of the lifecycle management of open-source components showed that the separation of open-source code, code handling, as well as documentation and patch management are all reasonable and meet modern standards. Considering all the results of the technical review, the source code quality is a good indicator that Huawei has established a mature and appropriate software engineering process.
Socio-economic development has become more dependent on 5G, and the world has taken note, believing that threats and potential impacts are increasing and that global supply chains need to be kept under control to reduce their risks. To keep up with the rapid change of technology, Huawei is actively exploring its security capabilities and will be more open, frank, and transparent when collaborating with customers, industry partners, and government agencies. This shift is best seen in its collaboration with ERNW throughout this review.
Over the past 30 years, Huawei’s products and solutions have been deployed in more than 170 countries and regions, and have maintained a good reputation for security in the industry. Under the new technical and security environment, Huawei regards building and implementing an E2E global cyber security assurance system as one of its key development strategies. Huawei will continue investing in cyber security R&D and innovation to enhance cyber security capabilities. Huawei will also strengthen its collaboration with carriers, industry partners, and governments to be more transparent and open, aiming to build a trustworthy cyber security environment for 5G.