Instituting saner, professional source code management for embedded devices
We advocate: that rather than denying users the ability to make any changes to the router
whatsoever, router vendors be required to open access to their code (especially code that controls RF
parameters) to describe and document the safe operating bounds for the software defined radios within
the WiFi router.
In this alternative approach, the FCC could mandate that:
1. Any vendor of SDR, wireless, or WiFi radio must make public the full and maintained source
code for the device driver and radio firmware in order to maintain FCC compliance. The source
code should be in a buildable, change controlled source code repository on the Internet,
available for review and improvement by all.
2. The vendor must assure that secure update of firmware be working at shipment, and that update
streams be under ultimate control of the owner of the equipment. Problems with compliance can
then be fixed going forward by the person legally responsible for the router being in
3. The vendor must supply a continuous stream of source and binary updates that must respond to
regulatory transgressions and Common Vulnerability and Exposure reports (CVEs) within 45
days of disclosure, for the warranted lifetime of the product,
or until five years after the last customer shipment, whichever is longer.
4. Failure to comply with these regulations should result in FCC decertification of the existing
product and, in severe cases, bar new products from that vendor from being considered for
5. Additionally, we ask the FCC to review and rescind any rules for anything that conflict with
open source best practices, produce unmaintainable hardware, or cause vendors to believe they
must only ship undocumented “binary blobs” of compiled code or use lockdown mechanisms
that forbid user patching. This is an ongoing problem for the Internet community committed to
best practice change control and error correction on safety critical systems.
This path has the following advantages:
● Inspectability: Skilled developers can verify the correctness of software drivers that are now
hidden in binary “blobs”.
● Opportunity for innovation: Many experiments can be performed to make the network “work
better” without affecting compliance.
● Improved spectrum utilization: A number of techniques to improve the use of WiFi bands
remain theoretical possibilities. Field trials with these proposed algorithms could prove (or
disprove) their utility, and advance the science of networking.
● Fulfillment of legal (GPL) obligations: Allowing router vendors to publish their
RFcontrolling source code in compliance with the license under which they obtained it will
free them from the legal risk of being forced to cease shipping code for which they no longer
have a license.
Requiring all manufacturers of WiFi & 5G devices to make their source code publicly available and
regularly maintained, levels the playing field as no one can behave badly.