Cisco’s Settlement Over Video Surveillance Flap Signifies a New Era in Vendor Accountability

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• After a protracted legal battle that spanned nearly a decade, Cisco settled a lawsuit accepting accountability for a security flaw in a video surveillance system sold to Homeland Security, the Secret Service, and other U.S. government agencies.

• As part of the settlement, the partner’s employee who originally reported the vulnerability will receive $1.5 million.

Eight years after the filing of a lawsuit against Cisco on behalf of U.S. public sector customers and more than a decade after a Cisco contractor initially called attention to a serious security flaw in one of the vendor’s video surveillance solutions, the IT equipment maker reached an $8.6 million settlement with the aggrieved parties and admitted culpability. In a blog posted in late July, Cisco General Counsel Mark Chandler wrote that software developed by Broadware – a company acquired by Cisco – used an open architecture that could be vulnerable to a breach. The settlement amount equates to a partial refund to the U.S. federal government and 16 states that bought products between 2008 and 2013. And the $8.6 million settlement included a $1.6 million payment to the person who first identified the vulnerability, although ultimately, no breach ever occurred. Continue reading “Cisco’s Settlement Over Video Surveillance Flap Signifies a New Era in Vendor Accountability”