
Espressif have not released the sources of the WiFi implementation, just binaries. I would define that as "security through obscurity".


While it is true that the core WiFi code is not open source, the ESP-IDF is significantly more open than anything else on the market today.

This is not to say that Espressif is the bee's knees. I personally wouldn't use their hardware in production. But by making their product easily accessible, and much of the source code open, they have made it easier for white hats to raise security issues.


"avoiding patent infringement lawsuits via opacity"


Have there been any successful patent infringement lawsuits over the last three years that target a Chinese company that has infringed upon a US company? Isn't that part of the issue in the current trade deal talks with China?


Not a US company being infringed, but Lego has gotten a Chinese court to order Lepin to stop making imitations of Lego products. [1] Since arrests have been made over Lepin not complying [2], it seems like the ruling has teeth.

[1] https://www.brothers-brick.com/2018/11/05/lepin-ordered-to-s...

[2] https://www.brothers-brick.com/2019/04/28/arrests-made-in-le...


Doesn't look like they've actually stopped.

https://lepinworld.com/


Several years ago Scottish chip company FTDI took matters into their own hands by releasing a driver that would brick counterfeits of their USB to serial converter chip: https://en.wikipedia.org/wiki/FTDI#Driver_controversy


At least they seem to be working on opening parts of the code and have already released the supplicant code for example.

https://github.com/espressif/esp32-wifi-lib/issues/2

https://github.com/espressif/esp-idf/commit/c1396830243b4c8f...


And honestly it's a little harder than Broadcom's to reverse. Xtensa doesn't have nearly the same support in reversing tools as ARM and MIPS. On the plus side though you do get unstripped binaries since it's a static library.


I agree, it is for sure harder to reverse; on the other hand, without releasing the source, it is also much easier to hide and keep secret vulnerabilities and/or zero-days.



