Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Wednesday November 18 2015, @11:22PM   Printer-friendly
from the closing-the-barn-door-after-the-horse-has-bolted dept.

Cisco is working to build the confidence of prospective customers in its products, two years after disclosures of spying by the U.S. National Security Agency seeded doubt, particularly in China.

It is increasingly putting more stringent security requirements on its suppliers and has launched a beta program that allows customers to analyze its products in a highly secure environment before buying. The efforts are intended to introduce more transparency to allay growing concerns over how supply chains could be opportunistically used by spies and cyber criminals.

The company has developed a master security specification for those suppliers with 184 requirements covering areas such as manufacturing, governance and asset management, Conway said. Other requirements revolve around personnel security, such as how people are trained or procedures used when peoples' jobs change or they're terminated, she said. Cisco is also taking a cue from other companies, including competitor Huawei and Microsoft, to allow customers to test and inspect source code in a secure environment.

A Cisco router might have 30 million lines of code, which would be impossible to completely vet. Proving a product hasn't been tampered with by spy agencies is like trying "to prove the non-existence of god," Skorupa said (a networking and communications analyst with Gartner).

http://www.infoworld.com/article/3006213/security/how-cisco-is-trying-to-keep-nsa-spies-out-of-its-gear.html

[Also Covered By]: Computerworld


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: -1, Flamebait) by Anonymous Coward on Thursday November 19 2015, @02:50AM

    by Anonymous Coward on Thursday November 19 2015, @02:50AM (#265217)

    Idiot alert! *whoop* *whoop* Idiot alert!

    Starting Score:    0  points
    Moderation   -1  
       Flamebait=1, Total=1
    Extra 'Flamebait' Modifier   0  

    Total Score:   -1  
  • (Score: 2) by jmorris on Thursday November 19 2015, @03:31AM

    by jmorris (4844) on Thursday November 19 2015, @03:31AM (#265237)

    Take a look at this: Serial to Ethernet Module [adhplc.com] and consider two things. One, this is off the shelf stuff and two they can transparently share an ethernet port, every server with IPMI and no dedicated LAN port for it has the electronics for it. Don't think a nation state actor can integrate that into a slightly smaller form than the product linked?

  • (Score: 0) by Anonymous Coward on Thursday November 19 2015, @05:28AM

    by Anonymous Coward on Thursday November 19 2015, @05:28AM (#265264)

    Have you seen how small some things can be made? If the only task is to gather data and pass it along then you don't need much... Common? No. Possible? Yes. CPUs started having unique identifiers quite a while ago...