ERNW, an independent IT security service provider in Germany, has conducted a technical review of the source code for Huawei’s unified distributed gateway (UDG) on 5G core networks.
ERNW senior auditors reviewed the source code by using leading tools and methods as well as the industry’s best practices, and released a review report. The report showed that the source code quality is a good indicator that Huawei has established a mature and appropriate software engineering process for UDG.
This is a convincing proof that Huawei 5G core networks are secure and reliable.
Abraham Liu, Chief Representative to the EU Institutions, Huawei said
“Huawei, with its innovative solutions based on Intelligent Connectivity, can contribute to the implementation of the European Green Deal, helping make Europe not just “fit for the Digital Age” but also climate neutral by 2050.
5G can have a positive environmental impact on all sectors, facilitating all kinds of industrial, automotive and Smart City platforms aimed at reducing greenhouse gas emissions by factories, vehicles and consumers alike.
And indeed 5G itself is Green. It uses just 10 percent of the energy that 4G uses to transfer the same amount of data.
And we can help Europe achieve its true digital sovereignty, giving Europeans genuine choice of tech suppliers in the future.”
The UDG is a converged network element that can process both 4G and 5G services. On a 5G core network, it can function as a user plane function (UPF). On a traditional network, it can function as a serving gateway for the user plane and a packet data network gateway for the user plane.
ERNW reviewed the source code for UDG components in the Huawei Cyber Security Transparency Center in Brussels, Belgium.
The review covered source code quality, build processes, and open-source component lifecycle management. The source code quality review showed that the complexity of the source code is below their threshold, duplicate code is rarely present only where appropriate, and unsafe functions seemed to be avoided wherever possible.
The build process review indicated that all binaries are compiled with secure compilation options and are also built with an acceptable level of binary equivalence.
The review of the lifecycle management of open-source components showed that the separation of open-source code, code handling, as well as documentation and patch management are all reasonable and meet modern standards.
Considering all the results of the technical review, the source code quality is a good indicator that Huawei has established a mature and appropriate software engineering process.
Socio-economic development has become more dependent on 5G, and the world has taken note, believing that threats and potential impacts are increasing and that global supply chains need to be kept under control to reduce their risks.
To keep up with the rapid change of technology, Huawei is actively exploring its security capabilities and will be more open, frank, and transparent when collaborating with customers, industry partners, and government agencies. This shift is best seen in its collaboration with ERNW throughout this review.
Over the past 30 years, Huawei’s products and solutions have been deployed in more than 170 countries and regions, and have maintained a good reputation for security in the industry. Under the new technical and security environment, Huawei regards building and implementing an E2E global cyber security assurance system as one of its key development strategies.
Huawei will continue investing in cyber security R&D and innovation to enhance cyber security capabilities. Huawei will also strengthen its collaboration with carriers, industry partners, and governments to be more transparent and open, aiming to build a trustworthy cyber security environment for 5G.