


by Dave Gradijan

After Lawsuit, Cisco Embraces Black Hat

Jun 15, 2006

The bad blood between Cisco Systems and organizers of the Black Hat conference appears to be a thing of the past.

One year after suing the hacker conference for allowing security researcher Michael Lynn to disclose a security vulnerability, Cisco is returning to Black Hat—this time as one of the show’s top sponsors. Black Hat USA will be July 29 to Aug. 3 in Las Vegas.

“Despite what happened last year, we wanted to show our commitment and show our openness to working with the security research community,” said John Noh, a Cisco spokesman.

Cisco has sponsored Black Hat in the past, but this is the first time it has shelled out for the show’s most expensive “platinum” sponsor status, Noh said. This means that Cisco’s name will be prominently displayed on conference materials and that the company will be given sponsorship credit for some of the show events such as coffee breaks.

Cisco’s legal team may not be in attendance, but members of the company’s product security incident response team information group will be there in force, Noh said. “We’re there to engage with the security researcher and attendees and have an open dialog with them, and get them to understand our philosophies around security research.”

The networking vendor might get an earful from security experts who blasted Cisco for its handling of the matter last year.

At last year’s show, Lynn demonstrated a method for running unauthorized code on a Cisco router. It was a difficult technical achievement that some had considered impossible, but Cisco saw it as a dangerous disclosure of information that could be used to harm the Internet’s infrastructure.

Cisco, and Lynn’s former employer, Internet Security Systems, sued Lynn and Black Hat to prevent them from further discussing the matter. The lawsuit, however, helped bring more attention to the flaw and simply punished Lynn for doing security research that Cisco should have done itself, according to Cisco’s critics.

One security researcher was surprised to see Cisco listed as a sponsor, but he said that improving relations with security researchers would be good for the company. Security researchers have had many complaints about the company’s tactics, said Cesar Cerrudo, chief executive officer of security research firm Argeniss.

“I think they realized that public relations is more efficient than legal battles,” he said.

-Robert McMillan, IDG News Service (San Francisco Bureau)
