Yes, this sinner needs to repent, starting with Huawei. The question I asked myself:
If I were hired by Huawei to help them overcome the lack of trust reported in both the US and the UK, as well as my own lack of confidence in the security integrity of their products, what would I do?
Actually, I've been contemplating that question since my very first post on you. The thought generally starts with the term, "Wow, you poor b*st*rds…" Clearly, though, what would I do to help you turn around and penetrate Western markets like they never thought possible? Assuming your quality is good, and knowing in advance that your prices will undercut pretty much everything else out there, how could you turn your biggest liability (world distrust of China's cyber goals) into your greatest asset? That concept, turning a liability into an asset of equal proportion, is something motivational speakers and so-called "life coaches" have been doing since…well…since the theme occurs fairly routinely throughout the Bible, the Torah, and even the Koran (probably Buddha and Lao Tse, too). So what's the answer? Three steps, gentlemen:
- Huawei, you must face the problem head-on. It's not good enough that you offer your source code to potential large customers. As I've said before, it's easy to hide two or three-way combination locks in plain sight. Source code doesn't make any difference. Facing it head-on means recognizing you have a problem and solving it forthrightly.
- Google's offering a mere $20,000 to the first CanSecWest attendee who can crack their Chrome browser is downright insulting. It certainly doesn't bespeak infinite confidence in their product. If you want to make your point, offer $1 million to the first person who can find a trap door unique to your products.
- Don't just make the offer, but put the actual $1 million in escrow with a trusted third party to whom you have also given the right to make the decision as to whether or not the identified trap door is legitimate. You should also make it part of the contract with that trusted third party that their decision about disbursing the $1 million must be made within a very short time. Maybe 30 days.
You won't have to spend another dollar…er, Yuan…on either marketing or advertising. The press will be staggering. Not only will everyone from major corporations to lowly consumers buy your product, but every hacker and whacker will want your product, too. You get the picture.
And even if you have to pay out the $1 million—even several times—the newsworthiness of the event and honest "Gosh,-we-really-didn't-have-any-idea,-and-that-employee-who-was-acting-as-an-agent/spy-has-been-publicly-terminated" will further instill confidence in your integrity.
This is the best I have. Yours free for the taking. Yes, because I'm basically a good guy having a little intellectual joust at your expense. But also because you have a lot of families depending upon you for their jobs and sustenance. Why not make them proud to work for such an honorable employer? Heck, you might even consider giving internal whistle blowers a bounty. Adam Smith's "invisible hand" could deliver…financial freedom.