
No one ever actually found any technical issues with Huawei kit did they?


The UK has found many, and documented outline details of them in annual public reports, like [1]

In outline:

- Version management issues, with different firmwares being used for each operator, with significant variations in each one [1].

- Failures to follow Huawei's own secure coding guidance, and sustained examples of poor coding (examples of which include tricks of the form of:

    #define SAFE_LIBRARY_memcpy(dest, destMax, src, count) memcpy(dest, src, count)

to make code appear to no longer use unsafe functions, and make auditing harder). [2]

- When critical vulnerabilities were found (arising from poor code quality in user-facing protocols, and an old operating system), they were fixed, but the fix introduced another major issue into the product in question. [1]

- Reliance on out-of-support RTOS in products, and no alignment of own product lifespans to external support lifespans, and no identification of this issue by themselves. [1]

- Previously, 70 full copies of 4 different OpenSSL versions were found in products (and 304 partial copies), some of which dated back to 2006 with multiple disclosed vulnerabilities in each, showing no dependency management at all, and no management of vulnerabilities in dependencies. [2]

[1] https://assets.publishing.service.gov.uk/government/uploads/...

[2] https://assets.publishing.service.gov.uk/government/uploads/...
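An added example, not part of the comment above or of the cited reports: one way an auditor could flag the macro pattern quoted in that comment, where a "safe" wrapper accepts a destination-size parameter but expands to the unbounded call without using it. The `audit_macros` function, the `UNSAFE` list and the `CHECKED_memcpy` and `ARRAY_LEN` sample macros are assumptions made for illustration.

```python
import re

# Single-line function-like macro: #define NAME(params) body
MACRO_RE = re.compile(r"^[ \t]*#[ \t]*define[ \t]+(\w+)\(([^)]*)\)(.*)$", re.M)

# Unbounded libc routines that a "safe" wrapper is normally meant to replace.
UNSAFE = {"memcpy", "memmove", "strcpy", "strcat", "sprintf", "vsprintf", "gets"}

# Constructed sample header. The first macro is the one quoted in the comment;
# CHECKED_memcpy and ARRAY_LEN are hypothetical, added for contrast.
SAMPLE = r"""
#define SAFE_LIBRARY_memcpy(dest, destMax, src, count) memcpy(dest, src, count)
#define CHECKED_memcpy(dest, destMax, src, count) \
    ((count) <= (destMax) ? memcpy(dest, src, count) : NULL)
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))
"""


def audit_macros(source):
    """Flag macros that expand to an unbounded libc call while silently
    discarding one of their own parameters (e.g. the destination size)."""
    # Join backslash-continued lines so multi-line macros are seen whole.
    source = source.replace("\\\n", " ")
    findings = []
    for name, params, body in MACRO_RE.findall(source):
        names = [p.strip() for p in params.split(",")]
        names = [p for p in names if p and p != "..."]
        # Identifier tokens in the expansion; memcpy_s is its own token,
        # so bounded variants do not match the UNSAFE set.
        tokens = set(re.findall(r"\w+", body))
        dropped = [p for p in names if p not in tokens]
        calls = sorted(UNSAFE & tokens)
        if dropped and calls:
            findings.append({"macro": name, "dropped": dropped, "calls": calls})
    return findings


if __name__ == "__main__":
    for f in audit_macros(SAMPLE):
        print(f"{f['macro']}: ignores {f['dropped']}, expands to {f['calls']}")
```

A finding means the wrapper's name promises a bound that the expansion never enforces, so call sites that look audited still need a manual length review.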


Doesn’t matter. See Australia. The CCP would gladly withhold telco infra gear or back door in an update to suit their needs.

Sure USA might do the same. But the USA is aligned closer culturally and values-wise to the rest of the West.


Does it matter if they did? At this point, everyone has to assume the CCP has the ability to take complete control of any Chinese company it wants to (see Ant Group). I’m not sure why they even bother with the “monopoly” or “corruption” pretenses at this point.


That's fine, but then you have to assume the same of the CIA and 101 other countries/agencies. So you have to design and build every part of all your systems nationally down to the copper wire pretty much and only after you've vetted all the people involved.

Just so your 5G system can't be turned off?


People need to stop with this US/China equivalence rubbish.

US is an open democracy albeit imperfect, independent judiciary, free press, free association, culture of openness and transparency. China has none of those.

That matters when you're asking which side to trust.


While it’s true that various US and foreign agencies can tap (and already are tapping) into communication networks, that is a very different scenario than what you see in China, i.e. the state essentially taking control of private companies whenever they want.


I don't see why?

We know the US used the NSA to gain an economic edge in negotiations with the EU. It even shared the information commercially didn't it?

I don't think the US would hesitate to interfere for a moment if it wanted. The EU is already under US sanctions for building a gas pipeline with Russia. There is the Iran situation and the wider Middle East and North Africa messes and Turkey. Plenty of places for a disagreement to form...

The EU has no major beef with China (I would prefer if they did, there is a lot to oppose about the PRC). China also has a much more isolationist/localist foreign policy so they're less likely to act and less likely to come into conflict with the EU.

Edit:

Source on spying:

https://edition.cnn.com/2013/06/30/world/europe/eu-nsa/index...

https://www.nytimes.com/2014/05/21/business/us-snooping-on-c...

On sanctions:

https://www.politico.eu/article/eu-countries-protest-us-sanc...


1. EU is not being sanctioned for the Gazprom pipeline but rather EU companies which is a pretty important distinction.

2. EU does have major issues with China. They abhor its substantial human rights abuses and geopolitical ambitions and have said so on many occasions. Germany even has its navy warships on the way to the South China Sea for war gaming with APAC allies.

They are just willing to put all of that aside for better trading relations.



