How the code got there is important because it will speak to the likely culprits and more accurate conclusions about their motives and possible intended targets. It will also speak to whether customers ought to be worried about possible flaws in other Juniper products.
Juniper’s silence can be interpreted in several ways.
It could be its legal team is telling it to say as little as possible in order to minimize the grounds for lawsuits against the company.
Juniper may be taking time briefing its biggest customers on the details under NDA in hopes they will issue public assurances that they are satisfied the devices, once patched, are trustworthy. Such endorsements could help ease the fears of smaller customers.
If placing the unauthorized code was the work of a government agency, say the NSA, the company could be under a Patriot Act gag. Since there are two instances of unauthorized code, the possibility exists that they were put there by separate parties.
Sign up for CIO Asia eNewsletters.