Cisco Is Shooting Itself in the Foot

By David Coursey  |  Posted 2005-07-28 Print this article Print

Opinion: By trying to silence reports of old flaws in IOS, the network security company has done more than anyone to publicize vulnerabilities in its own products.

Im not sure who Cisco is trying to impress with its attempt to silence Michael Lynns revelation of holes in its Internetwork Operating System. At the same time, I wonder what point Mr. Lynn is trying to make, but its obviously something he feels is worth quitting his job and getting sued over. Unless I am missing something, this hullabaloo is over vulnerabilities that Cisco has already fixed, though they may still exist in older products. Nevertheless, Cisco is treating Lynns report that IOS wasnt completely secure as though it were a national security issue, which it may be. However, sending goons to remove pages from the Black Hat conference proceedings makes Lynns presentation seem more important than it probably is.
Read more here about Ciscos attempts to silence former ISS researcher Michael Lynn at the Black Hat conference.
Its also just foolish, since the real danger facing Cisco isnt Lynn; its the people who dont go public with findings of their vulnerability research, but use them to launch attacks. If Cisco cant secure the operating system that effectively runs the Internet, thats important. And if Ciscos failings could cause the Internet to fail or be seriously compromised, as Lynn alleges was possible, thats something we all have a stake in seeing fixed. If Cisco were doing its job, we might not need Michael Lynn to tell us about the companys shortcomings. But, because the bad guys already know—or could be presumed to know—about the problems, only Ciscos customers are out of the loop. Or were, until Lynn arrived on the scene. Click here to read more about Cisco filing suit against the Black Hat conference and Michael Lynn. On the other hand, Lynn may not be such a hero. Its hard to imagine that his disclosure didnt violate a number of legal agreements. Cisco and his former employer, Internet Security Systems, seem to have every right to sue. They also have every right to look really stupid in front of God and everybody. Its not clear to me that Lynn is a whistleblower, except in blowing the whistle on Ciscos peevishness. The companys overreaction might be taken by potential attackers as a sign of weakness, that there are even more serious vulnerabilities waiting to be discovered. As a media person, I always wonder what it is about companies that makes them address the problem of someone revealing confidential information in a way that only ensures that everyone—interested or not—will hear about it. I hope Cisco and ISS will realize theyve made their point and walk away before this mess takes on an even larger life of its own. Let this continue and Michael Lynn could become quite the celebrity, especially if Cisco and ISS fail in their legal attempts to silence him. Contributing editor David Coursey has spent two decades writing about hardware, software and communications for business customers. He can be reached at Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.
One of technology's most recognized bylines, David Coursey is Special Correspondent for, where he writes a daily Blog ( and twice-weekly column. He is also Editor/Publisher of the Technology Insights newsletter and President of DCC, Inc., a professional services and consulting firm.

Former Executive Editor of ZDNet AnchorDesk, Coursey has also been Executive Producer of a number of industry conferences, including DEMO, Showcase, and Digital Living Room. Coursey's columns have been quoted by both Bill Gates and Steve Jobs and he has appeared on ABC News Nightline, CNN, CBS News, and other broadcasts as an expert on computing and the Internet. He has also written for InfoWorld, USA Today, PC World, Computerworld, and a number of other publications. His Web site is

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel