By Reetika Wadhwa and Nishtha Das
As per reports, with a view to undertake security assurance testing for telecom gear manufacturers, the government is planning on a requirement to share their source codes. According to recent media reports dated June 09, 2020 the Department of Telecommunication (DoT), Government of India, is in the process of developing a provision that would mandate providing source code for every network equipment deployed by the telecom gear manufacturers.
What is Source Coding?
Source coding is the process where data encryption is carried out to ensure removal of any unnecessary data due to which the bandwidth of the signal is adjusted to deliver effective transmission. Earlier, the testing of source code was done internally by the companies which was facilitated through their self-certification. With the above move of the government, the equipment vendors have been asked to share their source codes for their elaborate and detailed scrutiny by third party accredited test labs.
However, the gear makers expressly criticized the above move and put forward the following points:
- The process of providing the source codes would be cumbersome, complex and would be a time-consuming task which could hamper quality
- Lack of specialised and accredited testing labs would only increase the trouble for the gear makers as the testing could not done in due time
- Some added that telecom equipment companies had already been complying with the required license, self-certification in accordance with the contemporary practices, and global standards. Therefore, the above testing requirement should not be implemented.
Interestingly, the telecom department is yet to provide any confirmation on the matter. It is speculated that the above move might be carried out by the government in respect of global security forum reviews. It will be rather captivating to see how the government, if at all is planning to bring in a testing procedure like above, would try to balance the interests of the gear manufacturers and also ensure development of a testing procedure that would identify protected and safeguarded source codes.