In the past, the Government of India asked the equipment makers to share the source codes for network equipment as a security standard which received apprehension from the renowned telecom gear maker Ericsson. However, the Department of Telecommunications (DoT) has addressed Ericsson and stated that there would be no security threat in sharing source code as designated laboratories would only require it for testing purposes. As reported by ET Telecom, a senior official from the department stated that Ericsson had been informed that there would be no harm in sharing source codes which will be required for security tests and not to the department.
Ericsson Raised Question Over Government’s Decision of Seeking Source Codes
Some days back Ericsson raised its concern over the government’s decision of seeking source code from telecom gear makers. Ericsson stated that it is highly questionable if a review of the source code is meaningful, depending upon the purpose. However, if the purpose of seeking source code is to verify that the supplier’s software is free from malicious software, it would be impossible. Also, Ericsson added that telecom network could be compromised through a weakness in configuration and operations for which tests are not aimed.
Seeking Source Codes Will Not Breach Intellectual Property Rights
DoT addressed the concerns raised by telecom gear maker Ericsson and stated that seeking source codes and reviewing them would not breach any Intellectual Property Rights (IPR) or any secret information. Also, the tests will be done in centres which have been assigned by the department, and only the finding and reports of the tests will be shared to the department.
Seeking Source Codes Will Not Address Security Conditions: COAI
Cellular Operators Association of India (COAI) which represents major telecom operators of India shared its opinion and said that source code constitutes valuable commercial information and sensitive information, and security testing of source codes would not address security conditions. All the telecom operators and vendors have already stated that they already stick to the worldwide standards practice and security compliance, including the GSMA’s Network Equipment Security Assurance Scheme (NESAS).
