Cisco is working to build the confidence of prospective customers in its products, two years after disclosures of spying by the U.S. National Security Agency seeded doubt, particularly in China.
It is increasingly putting more stringent security requirements on its suppliers and has launched a beta program that allows customers to analyze its products in a highly secure environment before buying. The efforts are intended to introduce more transparency to allay growing concerns over how supply chains could be opportunistically used by spies and cyber criminals.
The company has developed a master security specification for those suppliers with 184 requirements covering areas such as manufacturing, governance and asset management, Conway said. Other requirements revolve around personnel security, such as how people are trained or procedures used when people's jobs change or they're terminated, she said. Cisco is also taking a cue from other companies, including competitor Huawei and Microsoft, to allow customers to test and inspect source code in a secure environment.
A Cisco router might have 30 million lines of code, which would be impossible to completely vet. Proving a product hasn't been tampered with by spy agencies is like trying "to prove the non-existence of god," said Skorupa, a networking and communications analyst with Gartner.
[Also Covered By]: Computerworld
(Score: 3, Insightful) by BananaPhone on Wednesday November 18 2015, @11:56PM
Doesn't matter, their allegiance is already known.
They will bow and crumple to bad laws and politicians without even putting up a fight.
Should anyone TRULY trust a company that will put profits before Justice, freedom, and the right thing to do*?
*The current "American Way" is no longer "the right thing to do"
(Score: 2) by takyon on Thursday November 19 2015, @12:11AM
If it kills overseas sales, they will not pledge allegiance to the United States. That's the silver lining in all this.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Thursday November 19 2015, @12:24AM
It's too late. At best they've been horrifyingly negligent in the design of their hardware and software in ways which make it impossible to keep the NSA out or even verify that your devices are clean. At worst they're outright colluding with them. Trust is an almost impossible thing to win back once lost; and they've lost it.
(Score: 4, Insightful) by TheGratefulNet on Thursday November 19 2015, @04:43AM
disagree. if the US is saying something to cisco, they listen. PERIOD. full stop.
who's your daddy? cisco knows. and it's not just cisco. all US companies 'have' to comply with any order that comes from a perceived authority.
they could care less about your privacy or security. security theater is all that is needed, sad to say.
you'll never know what the real story is with places like cisco. it's impossible for us normals to know the real goings on, but we can sure get a good guess, based on everything that we have seen and heard over the last decade or so.
there are trusted personnel who have private access to alternate builds and code. call them moles, if you want, but any company that is 'of interest' has them. and no, this isn't from a spy movie; again, sad to say, it's our real world and it's the dark side that is not made public.
bottom line, our current style of networking is unsecure and unless we redo things from the ground up, based on the assumption of LACK of trust in each node and even down to the memory and bus level, we won't have true end to end secure comms or secure computing.
"It is now safe to switch off your computer."
(Score: 2) by frojack on Thursday November 19 2015, @05:29AM
if the US is saying something to cisco, they listen. PERIOD.
Both you, and the AC posting about CALEA below, are missing the point that CALEA only applies in the US.
If selling to other jurisdictions, CISCO is under no obligation to build in back-doors.
(Not saying they didn't, just that they didn't have to.) The Chinese insist that Cisco routers are compromised and refuse to buy them.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Thursday November 19 2015, @01:23AM
Someone is incredibly naive.
(Score: 0) by Anonymous Coward on Thursday November 19 2015, @05:00AM
So the known vulnerabilities shipped with enterprise hardware don't matter to you?