[87834] in North American Network Operators' Group
Re: Cisco, haven't we learned anything? (technician reset)
daemon@ATHENA.MIT.EDU (Fergie)
Thu Jan 12 11:07:14 2006
From: "Fergie" <fergdawg@netzero.net>
Date: Thu, 12 Jan 2006 16:05:06 GMT
To: hank@efes.iucc.ac.il
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
Very good points, BTW.
And these are certainly factors which, I'm sure, other
companies are also susceptible. :-)
- ferg
-- Hank Nussbacher <hank@efes.iucc.ac.il> wrote:
[re: http://www.cisco.com/en/US/products/products_security_advisory09186=
a00805e3234.shtml]
[snip]
Cisco acquired Protego in Dec 2004 and thereby acquired MARS:
http://www.infoworld.com/article/04/12/20/HNciscoprotego_1.html
Cisco didn't put it in there - they bought the bug for $65M. :-)
[snip]
I think Cisco just doesn't check the product closely enough and trusts t=
he
R&D coders and doesn't introduce an external security QA to the product
being purchased.
-Hank
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
