SoylentNews is people
SoylentNews
from the closing-the-barn-door-after-the-horse-has-bolted dept.
Cisco is working to build the confidence of prospective customers in its products, two years after disclosures of spying by the U.S. National Security Agency seeded doubt, particularly in China.
It is increasingly putting more stringent security requirements on its suppliers and has launched a beta program that allows customers to analyze its products in a highly secure environment before buying. The efforts are intended to introduce more transparency to allay growing concerns over how supply chains could be opportunistically used by spies and cyber criminals.
The company has developed a master security specification for those suppliers with 184 requirements covering areas such as manufacturing, governance and asset management, Conway said. Other requirements revolve around personnel security, such as how people are trained or procedures used when peoples' jobs change or they're terminated, she said. Cisco is also taking a cue from other companies, including competitor Huawei and Microsoft, to allow customers to test and inspect source code in a secure environment.
A Cisco router might have 30 million lines of code, which would be impossible to completely vet. Proving a product hasn't been tampered with by spy agencies is like trying "to prove the non-existence of god," Skorupa said (a networking and communications analyst with Gartner).
[Also Covered By]: Computerworld
(Score: 2) by frojack on Thursday November 19 2015, @05:29AM
f the US is saying something to cisco, they listen. PERIOD.
Both you, and the AC posting about CALEA below, are missing the point that CALEA only applies in the US.
If selling to other jurisdictions CISCO is under no obligation to build in back-doors.
(Not saying they didn't, just that the didn't have to. The Chinese insist that Cisco routers are compromised and refuse to buy them.
No, you are mistaken. I've always had this sig.