Cisco: Source Code Theft Doesn't Boost Risk - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Cisco: Source Code Theft Doesn't Boost Risk

The networking equipment maker says the publication of some of its proprieetary software doesn't create an increased security risk.

SAN JOSE, Calif. (AP) -- The publication of some of Cisco Systems Inc.'s proprietary software blueprints does not create an increased security risk to the equipment that powers much of the Internet, the company said.

The world's largest maker of networking gear posted a message on its Web site more than a week after a portion of its Internetworking Operating System source code was illegally copied and posted on a Russian site.

Cisco said it was cooperating with the FBI and other law enforcement agencies investigating the theft. It referred questions about the investigation to the FBI, which did not immediately return a phone call seeking comment Friday.

"As a matter of policy, Cisco takes information security very seriously and continues to take active measures to protect its proprietary information as well as employee, customer and partner information," according to the statement, made public Thursday.

Cisco also said the pilfered code has been removed from the foreign Web site where it had been available for several days. The company said the theft "was not the result of a vulnerability in any product or service offered by Cisco."

It also said the company has no reason to believe the leak was the result of any malicious activity by an employee or contractor.

Analysts and experts say it's possible that the source code could be used by hackers to find and exploit vulnerabilities in the software. So far, no such hacks have been reported.

"It represents a risk to the company certainly with respect to potential reputation lost," said Dan Geer, chief scientist of Verdasys, an information security company.

San Jose-based Cisco is the world's leading maker of network routers and switches, the devices that carry and direct traffic over the Internet and other networks.

The software breach is the second time this year a prominent technology company has faced an embarrassing disclosure of its source code. In February, some pieces of Microsoft Corp.'s tightly guarded blueprints for some versions of Windows were circulating on the Internet.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll