Security and Resilence are Jobs #1

Dec 27, Ren wrote, “We want to put credibility as the first priority, on top of features, features, and schedules. Unless the customer trusts our products, these excellent features have no chance to be worthwhile.”

” We need to reconstruct the corrupted architecture and historical code … even the best architecture has limited vitality. As time goes by … the architecture will be corrupted”

Over the past 100 years, many successful companies in the world have fallen because they cannot adapt to change. 

“Credibility” is a Google translation, which may not capture completely the intent.

Improve software engineering capabilities and practices to create credible, high-quality products

a letter to all employees

I am writing today to communicate with you how the company can comprehensively improve its software engineering capabilities and practices. The IPD revolution 20 years ago restructured our R&D model and transformed it from relying on individuals, continually launching successful products, to institutionalizing and continuously introducing high quality products. So far, our products and solutions have been safely and stably operated in more than 170 countries, and have accumulated and won the trust of tens of thousands of customers around the world. Today, we are at a new starting point, with comprehensive development trends such as cloud, intelligence, and software definition, and unprecedented requirements for the credibility of ICT infrastructure products. Credibility will become the basic condition for customers to buy, dare to buy, and accept and trust Huawei. Credibility is not only a high-quality result of the external performance of the product, but also a high-quality process inherent in the product, and a double verifiable high quality of the results and processes. Only by comprehensively improving software engineering capabilities and practices will it be possible to create credible, high-quality products.

The company has made it clear that cyber security and privacy protection are the company’s highest program. We need to integrate trust and build high quality in every ICT infrastructure product and solution. Key elements include:

Security. The product has good anti-attack capabilities to protect the confidentiality, integrity and availability of business and data.

Resilience. The system maintains a defined operational state when attacked, including downgrades, and the ability to recover quickly when attacked.

Privacy (Privacy). Compliance with privacy protection is both a requirement of laws and regulations and a manifestation of values. Users should be able to properly control how their data is used. The policy of using information should be transparent to users. Users should control when they receive and whether they receive information according to their needs. Users’ privacy data must have perfect protection capabilities and mechanisms.

Reliability & Availability. The product can guarantee business trouble-free operation for a long period of time in the life cycle, with the ability to quickly recover and self-manage, providing predictable and consistent services.

Comprehensive improvement of software engineering capabilities and practices is related to the company’s future survival and development, and is closely related to each of us. Here, I hope that all employees, especially software engineers, will take the initiative to participate, build on themselves, and work together to build credible high-quality products.

We need to change our mindset and pursue the creation of credible high-quality products, not only the high quality of functions and features, but also the high quality of product development to delivery. We know that features and features are critical to the product, and we know that progress is also critical to meeting customer needs. Today, we want to put credibility as the first priority, on top of features, features, and schedules. Unless the customer trusts our products, these excellent features have no chance to be worthwhile. Our managers and all employees at all levels are not able to reduce the credibility requirements based on the schedule, function, characteristics, etc., to ensure that the credible requirements are not deformed during the implementation process.

We must start with the most basic coding quality, depending on the high quality code for dignity and personal reputation. The code is like a brick and a tile in a high-rise building. There is no high-quality code. The credible product is the castle in the air. We need to optimize and follow the company’s various programming specifications, follow the architecture and design principles, and use a variety of programming libraries and APIs to write simple, standardized, readable, robust and secure code.

We need to deeply understand the core elements of the architecture and build and design based on trusted orientation. Under the premise of ensuring credibility, we must make trade-offs in terms of performance, function, scalability, etc.; carefully define our modules and interfaces, truly achieve high cohesion and low coupling; we must follow the authority and minimize the attack surface. And other security design principles, scientific design module isolation and interface, improve security; low-level architecture and design should follow high-level architecture and design principles, and continue to optimize in the context of fully understanding the original architecture and design; Be familiar with various design patterns, reuse common mature components and services, and avoid duplication of effort.

We need to reconstruct the corrupted architecture and historical code that does not meet the software engineering specifications and quality requirements. We know that even the best architecture has limited vitality. As time goes by, environmental changes, and the introduction of new technologies and new features, the architecture will be corrupted. In the face of a corrupted architecture, it is necessary to refactor it without hesitation. At the same time, take the initiative to follow the principle of trusted design, to reconstruct the historical code that does not meet the software engineering specifications and quality requirements, and enhance the vitality of the software architecture.

We need to delve into software technology, especially security technology. Software technology is the basic tool for us to build products. Whether the technology is advanced and the technology choice is reasonable will determine the height of our software. We must deeply study architecture and design, coding, testing, security, usability, performance, maintenance, experience and other technologies. And use these techniques scientifically.

We must abide by the consistency of the process. Comply with applicable laws and regulations, follow industry consensus standards, and specifications to ensure consistency of specification to implementation and code to binary consistency. The architecture must conform to the architectural principles, the design must follow the design pattern, the code must conform to the programming specifications, and ultimately the requirements and implementations are consistent, and each commitment to the customer is achieved. We can only create a credible high-quality product by doing everything in a down-to-earth manner.

To this end, we must change behavior habits and pursue quality. We must be open, transparent, active and courageous to reveal problems and actively promote improvements. Software development is a creative and artistic work that takes full advantage of our ingenuity and potential. We must change behavioral habits that only pay attention to functional results and do not pay attention to code quality. We must strictly abide by software engineering norms; change passive tinkering; change fragmented knowledge acquisition, actively learn to promote and contribute experience, code, and form a shared knowledge base. . There are still many behaviors and habits that we need to change. For most people, it will be a painful process of transformation, and it will take off a layer of skin, but I believe that everyone can meet this challenge.

More importantly, we will transform, through reform, a set of processes, organizations, and assessment mechanisms that adapt to these changes. We need to improve and enhance the transparent, traceable and auditable full process management mechanism to enhance software engineering capabilities and practices from initial design and complete build to product lifecycle management from a credible perspective. We will fully strengthen the code review and submission mechanism with the Committer role as the core, and the code will be incorporated into the version after more rigorous and systematic review. To this end, we will establish a higher level of Committer role group, responsible for software architecture care, code review and submission, and the overall quality of the integration code. We must change the assessment mechanism, let the people who have well-designed and well-written code stand out, and give help and training to those who do not meet the requirements of programming. But anyone who writes code that doesn’t fit into the version for a long time will be abandoned by the team.

Over the past 100 years, many successful companies in the world have fallen because they cannot adapt to change. To adapt to external changes, only self-evolution, we must remain open and continuous change. The board of directors has decided that comprehensive improvement of software engineering capabilities and practices will be carried out in a revolutionary manner. The chairman of the company, Xu Zhijun, is responsible for the initial investment of $2 billion. It is planned to build for the customer in the ICT infrastructure field in five years. The goal of the letter’s high quality products. I hope that you support and actively participate in this great change. Only in this way can we realize our vision and mission for the future: bringing the digital world to everyone, every family, every organization, and building a smart world of Internet of Everything.

Ren Zhengfei

December 27, 2018

Scroll to top