
"But would it be significantly harder to do, easier to detect, and easier to resolve? Yes, and that makes them better suited to critical infrastructure. "

But like what is that conclusion based on?

I'm not saying you're wrong - just curious why you hold HP and Cisco in high esteem.

At least in terms of engineering talent I'd expect them to be much worse. Huawei is prolly the Google of China paying huge salaries and getting the country's top engineers (along with Alibaba). When I lived in Santa Barbara Cisco didn't have a good rep and they didn't pay well. A typical bureaucratic Office Space-esque soul sucker. I don't know about HP but I don't get the sense it's a prestigious place to work either.

Again, these are very shaky ill informed judgments on my part I admit :) hence why I'm curious if you're talking from a position of knowledge on the subject




> But like what is that conclusion based on?

It's based on a few assumptions, but ones I feel are reasonable to make. The fact these companies will have been audited in the same way, but that the concerns have not been raised (by government, industry, security consultants) suggests that these processes are very different.

Version control, code auditing, code review, reproducible builds, etc, those will all contribute to being able to protect against attackers.

You're right that there's a huge talent pool in China, and there is good engineering happening in China, but there are also cultural barriers to it in some places. The 9/9/6 working culture in Chinese tech companies optimises for throughput not quality, and the general impression I have from reading about internal engineering cultures at other Chinese tech companies aligns with the Huawei report.

I'm not speaking from a position of expertise, I am judging this and drawing my own conclusions, but I don't feel they are ill informed (nor do I think yours are). I'm confident in the facts I know, have evidence for my opinions, and have reason to believe my suspicions.


"The fact these companies will have been audited in the same way .."

Have they? Are you sure? The Huawei audit was not a routine audit. According to Wired it was done by the special British "Huawei Cyber Security Evaluation Centre". I can't find any evidence the UK National Cyber Security Centre has done the same with Cisco or HP.

> am judging this and drawing my own conclusions, but I don't feel they are ill informed (nor do I think yours are)

The difference between us is that I definitely think MY conclusions are ill informed. Hope someone who knows what they're talking about can chime in


It all sounds very reasonable until you remember that multiple backdoors and hardcoded hidden admin accounts have been found in Cisco products. I have yet to see any proof that Huawei are worse (or better) than Cisco. IMO absolutely nothing has been proven in terms of quality versus other manufacturers outside of political standpoints in all this. As far as I can tell this audit has not been done (or at least not published) to any other manufacturer than Huawei. It's 100% politics and zero evidence of quality when only one side gets tested and published.



