Huawei's Cyber Security Officer, John Suffolk, says the company has "taken on board" the criticisms of security researcher Felix Lindner and is sending a team to Germany to work with the researcher in an effort to reform the company's security culture. Huawei is currently defending itself from allegations that its equipment is a risk to US and other nation's cyber security, because it may contain backdoors, by offering governments access to its source code.

In August, Recurity Labs researchers Lindner and Gregor Kopf had presented the results of their examination of the firmware and default settings of a pair of routers from Huawei. Although the researchers did not find any obvious backdoors, they did find more fundamental problems: bad and unsafe software practices that have resulted in bug-rich code which can be easily brought to its knees. The problems were compounded by a lack of any apparent security reporting structure or ability to track what bugs are fixed in which versions of software.

According to a Reuters report, Suffolk told the news agency that Huawei has "very much taken on board Felix's views and you'll see over the coming period we've got a whole host of significant operations to deal with these issues". Although the company had not attended Lindner's earlier presentations, it did, says Suffolk, send people to an October presentation at a conference in Kuala Lumpur.

Describing Lindner's comments about the poor quality of the Huawei code as a slap in the face, Suffolk added "sometimes you need a bit of a slap in the face to step back, not be emotive in your response and say what do I systematically need to change so over time any these issues begin to reduce?" Suffolk believes that Lindner's issues could be fixed in a couple of lines of code but is more interested in changing the security culture of Huawei. The company's team has not visited Germany yet, apparently delayed by visa issues, but is expected to go ahead soon.

Update: The H's associates at heise Security have confirmed with Lindner that a meeting has been arranged with Huawei representatives, but no agenda is available and further plans have yet to be been made for after that meeting.

(djwm)