Friday, July 29, 2005

Cisco, ISS PR Disaster

#142 Bruce Schneier does an interesting, thought-provoking analysis of the recent hullabaloo at Black Hat regarding heavy-handed tactics against Black Hat conference organisers and security researcher Michael Lynn. Given the popularity of his excellent writings, and his stature in the industry, coupled with the viral nature with which his views will spread across the Internet, I expect that sooner or later Cisco will attempt to recover from this bad publicity.

The main theme of the article is that "If companies have the power to squelch vulnerability information about their products, then there's no incentive for them to improve security."

With regard to customers and end users of Cisco's products: "Cisco's customers want information. They don't expect perfection, but they want to know the extent of problems and what Cisco is doing about them. They don't want to know that Cisco tries to stifle the truth:"

His final parting shot: "Despite their thuggish behavior, this has been a public-relations disaster for Cisco. Now it doesn't matter what they say -- we won't believe them. We know that the public-relations department handles their security vulnerabilities, and not the engineering department" ...ooh that hurt.
