
Hats off to Black Hat

Jon Oltsik
Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET.

It's been an interesting week since Cisco was publicly embarrassed by security researcher Michael Lynn at the Black Hat conference in Las Vegas.

Reports indicate that the company did its best to stop the presentation from happening, then went into immediate litigious mode once the presentation was done. It is now doing its best to downplay the event, help its customers update the appropriate copies of IOS, and move on from this humiliating event.

What was Cisco thinking? For starters, the company has really jumped on the security bandwagon and must be very concerned about being perceived as "all sizzle and no steak." In addition, some of Cisco's IOS source code was stolen last year (talk about a security faux pas) and it is worried about the vulnerability fallout.

I'm not questioning Cisco's motives. Hey, who would want a public undressing? Nevertheless, I'm sure that Chambers and Co. wishes it could take a mulligan on its zealous reaction.

Cisco's market and legal weight couldn't stop a single individual who believed so strongly in exposing IOS vulnerabilities that he was willing to walk away from his job to deliver the presentation. Cisco came out looking like Big Brother.

There is a lesson to be learned here and the entire IT industry ought to be paying attention:

1. There is still a core group of technology purists in the academic and research communities willing to "out" you on security.

2. You'd better think through how you want to respond because intimidation tactics won't always work.

3. The next embarrassing event could happen to anyone. Cisco, Microsoft, and Oracle have been frequent targets in the past, but the next time it could be EMC, IBM or SAP. Make sure your public and investor relations teams are prepared.

One other point. In this era of corporate-friendliness, it's refreshing to see a forum where participants are so passionate about their work. At the end of the day, the goal is to make computing safer, which seems altruistic to me. Hats off to Black Hat! I'll try not to miss it again next year.